General
-
Target
a3d0339ed9baefeedb6cb984e3e6fcafeb59dab6484c0b75e44a6c24b1cd31f6.exe
-
Size
933KB
-
Sample
240612-ccw8yaycll
-
MD5
15d4b3a4b2907c2602eb46b084afe911
-
SHA1
90a8ae980f1dd539e8716e7b5c26e7f229620a3b
-
SHA256
a3d0339ed9baefeedb6cb984e3e6fcafeb59dab6484c0b75e44a6c24b1cd31f6
-
SHA512
4df17340873fd0bf929cbb79b3d7db2e85fb02c211b10866b69b2be51bfce1576c2eaef2b4321fad89274e1208d0dcad70c132e5c12493bf1d58b603c8ddab59
-
SSDEEP
12288:P9S0DlaggXSvN7EM8N+CzaXuGTNVSG6SRiI2qecz+ELeK67nIPZqwLf6d1:1SRDWN7EMLkWNVSG0LwPtsIxqwrM1
Static task
static1
Behavioral task
behavioral1
Sample
a3d0339ed9baefeedb6cb984e3e6fcafeb59dab6484c0b75e44a6c24b1cd31f6.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a3d0339ed9baefeedb6cb984e3e6fcafeb59dab6484c0b75e44a6c24b1cd31f6.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: ozenmobilya.com
Port: 587
Username: [email protected]
Password: ozennefes
Email To: [email protected]
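The extracted SMTP config is the actionable part of this report: the host, port and mailbox are what a defender blocks and hunts for. The following Python script is an added example, not part of the sandbox output. It parses the flattened "Key: value - Key: value" text that sandbox exports produce into a dict, flags constructed outbound-connection log lines that reach the exfil host, and emits a Suricata rule for the SMTP channel. The log line format, the endpoint names (WS01 etc.), the non-report destinations in the sample logs and the Suricata sid value are assumptions made for the example; the "[email protected]" placeholders are kept verbatim rather than guessed at.

```python
import re

# The Malware Config block in the raw flattened form the sandbox exports
# (each pair runs into the next with " - " separators). Values are the
# report's own; the redacted "[email protected]" strings stay as they are.
REPORT_CONFIG = """Protocol: smtp- Host:
ozenmobilya.com - Port:
587 - Username:
[email protected] - Password:
ozennefes - Email To:
[email protected]"""

# Constructed outbound-connection log lines (NOT from the report), in a
# firewall-style key=value format assumed for this example.
SAMPLE_LOGS = [
    "2024-06-12T10:01:02Z host=WS01 proto=tcp dst=ozenmobilya.com dport=587 bytes=18231",
    "2024-06-12T10:01:05Z host=WS01 proto=tcp dst=ipcheck.example.net dport=443 bytes=412",
    "2024-06-12T10:02:17Z host=WS02 proto=tcp dst=ozenmobilya.com dport=443 bytes=90",
    "2024-06-12T10:03:40Z host=WS03 proto=tcp dst=mail.example.org dport=587 bytes=5000",
]

# "Key: value" followed by either " - NextKey:" or end of text. Keys may
# contain a space ("Email To"); values are taken lazily up to the next key.
KV_RE = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*(.*?)(?=\s*-\s*[A-Za-z][A-Za-z ]*?:|$)")


def parse_config(text: str) -> dict:
    """Turn the flattened config text into {snake_case_key: value}.
    Whitespace and line breaks from the export are collapsed first, so the
    same parser handles both the one-line and the wrapped rendering."""
    flat = " ".join(text.split())
    return {k.strip().lower().replace(" ", "_"): v.strip() for k, v in KV_RE.findall(flat)}


def parse_log(line: str) -> dict:
    """Split a key=value log line into a dict; tokens without '=' are dropped."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def flag_connections(cfg: dict, lines: list) -> list:
    """Return (endpoint, verdict) for every line that reaches the exfil host.
    host+port is the SMTP exfil channel itself; the same host on any other
    port is still worth triage because the sample is known to talk to it."""
    hits = []
    for line in lines:
        rec = parse_log(line)
        if rec.get("dst") != cfg["host"]:
            continue
        verdict = "smtp_exfil" if rec.get("dport") == cfg["port"] else "c2_host_contact"
        hits.append((rec["host"], verdict))
    return hits


def suricata_rule(cfg: dict, sid: int = 1000001) -> str:
    """Build a Suricata rule for the SMTP exfil session. The sid is a
    placeholder from the local range, chosen for this example."""
    return (
        f'alert tcp $HOME_NET any -> any {cfg["port"]} '
        f'(msg:"AgentTesla SMTP exfil to {cfg["host"]}"; flow:established,to_server; '
        f'content:"{cfg["host"]}"; nocase; classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg)
    for endpoint, verdict in flag_connections(cfg, SAMPLE_LOGS):
        print(f"{endpoint}: {verdict}")
    print(suricata_rule(cfg))
```

Matching on the hostname is deliberate: AgentTesla typically abuses a legitimate mailbox on a third-party mail server, so blocking the resolved IP alone is brittle; pair the rule with a DNS or proxy-log search for the hostname, and treat the credential pair as something to report to the mailbox owner rather than something to reuse.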
Targets
-
-
Target
a3d0339ed9baefeedb6cb984e3e6fcafeb59dab6484c0b75e44a6c24b1cd31f6.exe
Score 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer.
-
Detects packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with or using KoiVM
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-