agenttesla

General

Target

Copia de pago de saldo-password(4jfb20Dg).zip
Size

775KB
Sample

240907-aadbyavanj
MD5

46a69f01bcc0c47d125bacf5bbcd7b4d
SHA1

55d5c0682c4b89a88e8e493934b4c42f4e1a9741
SHA256

91ef934fd77606f6307f23f1d1e2032397150d1dead759ce7f0d671bf96f9df1
SHA512

4131cd9490b90db2d08bffad35a64accb7b30f34e97a99c6eeba8d841829a3a61b1e6cbd5a47c8869d4a4a003bfcc23e153234b6d2d74375353898e75e906002
SSDEEP

12288:HU68T5azQvfptPqA6ifvkrR/JxHdEOgb7l4riPD23fRhe4wt+WaiPXh31kwV:HB8YQXPBCxx9Ebb7ldDOhe/pPRV

Score

10^/10

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.worlorderbillions.top
Port:
587
Username:
[email protected]
Password:
vqpF.#;cCodu
Email To:
[email protected]

Targets

- Target
  
  FHT65609567-TVS09760-PFT09790979.PDF.7Z
- Size
  
  563KB
- MD5
  
  8b9b0abb6155b02de65ebb7de80908ca
- SHA1
  
  1a864b52816c510b4e430d931fa25588c4535f63
- SHA256
  
  8eb121e219115c5d99467b8ac770939023e779c61fda5b7c841e2bbd058020b3
- SHA512
  
  5588c73b46017f9a5bfcc389c9ac5892d97453589a4abf41f931d1fb1e9a1f2e419a6b8e17811b22c4a8663e681707dd5cc56955733abf7f60f767a28b25a1f0
- SSDEEP
  
  12288:lxhkbPd2dJZlMzSq4sThgxn5sHXXEb1XyvL5+Uek1Gm/JGs8:lYPAdLlM+sThgx5s3URivt+Uek11Gd
Score

3^/10
behavioral1
- Target
  
  FHT65609567-TVS09760-PFT09790979.PDF.exe
- Size
  
  1.0MB
- MD5
  
  7514b66e59d91dfdba219668bc757794
- SHA1
  
  26cb2ccbbef9427b0a3f7b306168aa6e6591f468
- SHA256
  
  f9a535ecbad3b5f46b22084b4ddb51cae2b85f632aeef1128c1875a14533b294
- SHA512
  
  0768de3169ab927bfe1f449710e896a2149726d492afcfbc35808e64b54c86d63a66825e399b27f64b7c8855346bfa833ffcd59851d078dc111c174ca37c5342
- SSDEEP
  
  24576:tAHnh+eWsN3skA4RV1Hom2KXMmHaHe+SHD7torKab5:Mh+ZkldoPK8YaHe+SHfid
Score

10^/10

agenttesla credential_access discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  email-html-1.txt
- Size
  
  781B
- MD5
  
  c1034815c27ad1ffb932d85a848216e9
- SHA1
  
  4d94f37740c8390c84499103ceaa80b66835d933
- SHA256
  
  c04276e629aa37205267ab140ab1021bf2019d8ed8d871b9fb7e2840c14274cc
- SHA512
  
  38a09350ea171d83ac98c345218b255c8b924d951b0c152da891c424e26c47c8f96f3ca7989248bc7d9b7d43458ba32fdcbaed62f2bf672402e33dea0da1d5d9
Score

4^/10

discovery
behavioral3