General
- Target: e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe
- Size: 1.4MB
- Sample: 240727-vpxz4sshjc
- MD5: 7ccb3c07bf2918bbcad959e27e17f083
- SHA1: 978f8c090da4173cdf2544b38b5e53aa6fc2fab7
- SHA256: e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388
- SHA512: 22d2552eb839a9643cd939acf70501b91a933b44c29fda7ccfc1bf5c3b1da44229e87dca3177424c23d30b61f76cead0dcd2c25bced77cc141a5ebd6f29c56cc
- SSDEEP: 24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd
Static task
- static1

Behavioral task
- behavioral1
  - Sample: e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe
  - Resource: win7-20240704-en

Behavioral task
- behavioral2
  - Sample: e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe
  - Resource: win10v2004-20240709-en
Malware Config

Targets
- Target: e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388.exe
- Size: 1.4MB
- MD5: 7ccb3c07bf2918bbcad959e27e17f083
- SHA1: 978f8c090da4173cdf2544b38b5e53aa6fc2fab7
- SHA256: e7413d14be16f0ef9d69ab606b79523851edce48ddb94d335388f6ef10bb6388
- SHA512: 22d2552eb839a9643cd939acf70501b91a933b44c29fda7ccfc1bf5c3b1da44229e87dca3177424c23d30b61f76cead0dcd2c25bced77cc141a5ebd6f29c56cc
- SSDEEP: 24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8aGM8k0V0F0t0Kta4Plh3:1TvC/MTQYxsWR7aGM8Nt0aXd
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, a web browser credential store.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext