General
- Target: a4fdc26d6b70eaf0a62cca36286412901f48881eae616d38b96d8ae0cb0f29c7
- Size: 594KB
- Sample: 241027-lq65qstpep
- MD5: b0f2d519ccae5bf1435264e0979770ce
- SHA1: 212da7b3ed9c89d83941f6bb0dba889fa24f8f6a
- SHA256: a4fdc26d6b70eaf0a62cca36286412901f48881eae616d38b96d8ae0cb0f29c7
- SHA512: a50b9d27abdf6195a2689ff911e11cbc6f71cbf69d1872c765a9fc92b3a2a8e2717e260c76d1c91576d59f6b105a27b1cccc6056251dc80a0dc8afecbff3507c
- SSDEEP: 12288:o+zgiqlYVUUJiotHw9c93n5zzsO1E48Mjr0J42lX:bl3xScRRz71Eowim
Static task: static1
Behavioral task: behavioral1
- Sample: a4fdc26d6b70eaf0a62cca36286412901f48881eae616d38b96d8ae0cb0f29c7.exe
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: a4fdc26d6b70eaf0a62cca36286412901f48881eae616d38b96d8ae0cb0f29c7.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: pPCXThF2
Targets
- Target: a4fdc26d6b70eaf0a62cca36286412901f48881eae616d38b96d8ae0cb0f29c7 (594KB)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- AgentTesla payload
- Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (5)
  - Credentials In Files (4)
  - Credentials in Registry (1)