General
-
Target
72fc44e07f3f6f0aed8758b3025d82d4e0cc60aa6b192255104d37f574ab82a7.exe
-
Size
1.1MB
-
Sample
240613-brsnmayfqb
-
MD5
b8372e8950ad65c20ddf78270e5ff106
-
SHA1
0bb0741c9db5bbd09b36a1bc5cbacbfd491aa7bc
-
SHA256
72fc44e07f3f6f0aed8758b3025d82d4e0cc60aa6b192255104d37f574ab82a7
-
SHA512
4811705a2ab8e7c939bf491b7510b7206e056547cdb8a724fc0abc73df0e85aa5ed046e3ddc129438c7124935638e14ba33175b1e3387261087598f7de0da9e1
-
SSDEEP
24576:8AHnh+eWsN3skA4RV1Hom2KXMmHabsgblHepVzP5:bh+ZkldoPK8YabsAent
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
@qwerty90123 - Email To:
[email protected]
Targets
-
-
Target
72fc44e07f3f6f0aed8758b3025d82d4e0cc60aa6b192255104d37f574ab82a7.exe
-
Size
1.1MB
-
MD5
b8372e8950ad65c20ddf78270e5ff106
-
SHA1
0bb0741c9db5bbd09b36a1bc5cbacbfd491aa7bc
-
SHA256
72fc44e07f3f6f0aed8758b3025d82d4e0cc60aa6b192255104d37f574ab82a7
-
SHA512
4811705a2ab8e7c939bf491b7510b7206e056547cdb8a724fc0abc73df0e85aa5ed046e3ddc129438c7124935638e14ba33175b1e3387261087598f7de0da9e1
-
SSDEEP
24576:8AHnh+eWsN3skA4RV1Hom2KXMmHabsgblHepVzP5:bh+ZkldoPK8YabsAent
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-