General
-
Target
add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626.exe
-
Size
1.1MB
-
Sample
240612-cer21aycpk
-
MD5
d70c602a2e3471f1676b939409d7172f
-
SHA1
ce8fc0b594b46a049df4e64569bc030931504b6f
-
SHA256
add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626
-
SHA512
a718cc3cf60c7c9f5893e34da62daf0266855c8938cc55cc1108f2ccc881f56a293f35160ded8d4205ca7972e891e0b3406889ec9bbbd989ba3674ca11f3e966
-
SSDEEP
24576:wAHnh+eWsN3skA4RV1Hom2KXMmHamatMiaQQeR28/OF5:nh+ZkldoPK8YamhiaQQU28/M
Static task
static1
Behavioral task
behavioral1
Sample
add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
rwe87$%21q - Email To:
[email protected]
Targets
-
-
Target
add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626.exe
-
Size
1.1MB
-
MD5
d70c602a2e3471f1676b939409d7172f
-
SHA1
ce8fc0b594b46a049df4e64569bc030931504b6f
-
SHA256
add0cec032cff1069925f00734c1296bd4e305c4e07006b3b0fa3b9497d8e626
-
SHA512
a718cc3cf60c7c9f5893e34da62daf0266855c8938cc55cc1108f2ccc881f56a293f35160ded8d4205ca7972e891e0b3406889ec9bbbd989ba3674ca11f3e966
-
SSDEEP
24576:wAHnh+eWsN3skA4RV1Hom2KXMmHamatMiaQQeR28/OF5:nh+ZkldoPK8YamhiaQQU28/M
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-