General
Target: b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883.exe
Size: 1.2MB
Sample: 240612-chrweaydkq
MD5: ab3fa137f1603d28a0c4f79d4bb4c418
SHA1: d76a52558a2a30343a7e0595d3f951683db444a5
SHA256: b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883
SHA512: 262a143884a62d1c161545efbbbd7f8ea14f55ed62fe65bf568d3a35ad5e3a82c4e456da8e8ee8d440043e91a9d59735cbd2fc121b4238a70f2993705142ef3f
SSDEEP: 24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaRI6pG0YhZ4WIT1QesUz+C7h5:qh+ZkldoPK8YaRI68SKesU1
Static task: static1
Behavioral task: behavioral1
  Sample: b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883.exe
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883.exe (size and hashes identical to those listed under General)
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext