General
-
Target
92c7e69b6d03a37ec81009ef279a87ef62d8fa6b8d4122a005813facbed979f5.exe
-
Size
492KB
-
Sample
240813-btppraxapa
-
MD5
3264ed302538a2d29f2e48f26eff85b0
-
SHA1
45a77b6cf9772caa5867a76c9f1d66c2ee40d10a
-
SHA256
92c7e69b6d03a37ec81009ef279a87ef62d8fa6b8d4122a005813facbed979f5
-
SHA512
f73672146ddc183532b48dc66c449add85a84b5e9fb6e9dddefd17d05f56d23d40e459f3a52fd571c68add81d0c0264c21399ee4049f64102c04ccb1d976319c
-
SSDEEP
12288:oYtgJpASCb8O7g2b88suVYx8ftvnt/TDq2IN1SJrx:oYerASsckVtFnTL
Static task
static1
Behavioral task
behavioral1
Sample
92c7e69b6d03a37ec81009ef279a87ef62d8fa6b8d4122a005813facbed979f5.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
92c7e69b6d03a37ec81009ef279a87ef62d8fa6b8d4122a005813facbed979f5.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.synergyinnovationsgroup.com - Port:
587 - Username:
[email protected] - Password:
C@p-Y8BoHc#? - Email To:
[email protected]
Targets
-
-
Target
92c7e69b6d03a37ec81009ef279a87ef62d8fa6b8d4122a005813facbed979f5.exe
-
Size
492KB
-
MD5
3264ed302538a2d29f2e48f26eff85b0
-
SHA1
45a77b6cf9772caa5867a76c9f1d66c2ee40d10a
-
SHA256
92c7e69b6d03a37ec81009ef279a87ef62d8fa6b8d4122a005813facbed979f5
-
SHA512
f73672146ddc183532b48dc66c449add85a84b5e9fb6e9dddefd17d05f56d23d40e459f3a52fd571c68add81d0c0264c21399ee4049f64102c04ccb1d976319c
-
SSDEEP
12288:oYtgJpASCb8O7g2b88suVYx8ftvnt/TDq2IN1SJrx:oYerASsckVtFnTL
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
5KB
-
MD5
68b287f4067ba013e34a1339afdb1ea8
-
SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3
-
SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
-
SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
SSDEEP
48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
cff85c549d536f651d4fb8387f1976f2
-
SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
-
SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
-
SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
SSDEEP
192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score3/10 -