General
Target: 3cc22a1ec55d679078a0420d0aa35f69
Size: 1017KB
Sample: 210624-sbkg3g97ns
MD5: 3cc22a1ec55d679078a0420d0aa35f69
SHA1: ccb7c76b70c18f09694eb7643b17512701bf7ac9
SHA256: fa2a3d2d878502749a5c8b01a6244a8b9e2b7f0cb3b9d0d85cadc2a8dcb5a8dc
SHA512: bf19261b1619623500959dc9b94fb767790029ae508a6f5f6d3b514659a0db25d147330d0467a81d53dfd6dd582934591b4b62ce60c4df0ebbc704edf671d24c
Static task: static1
Behavioral task: behavioral1
Sample: 3cc22a1ec55d679078a0420d0aa35f69.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 3cc22a1ec55d679078a0420d0aa35f69.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.austrianhaus.com/
Port: 21
Username: wx@austrianhaus.com
Password: 740583Dd
Targets
Target: 3cc22a1ec55d679078a0420d0aa35f69
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Uses the VBS compiler for execution
Suspicious use of SetThreadContext