General
- Target: SecuriteInfo.com.Variant.Tedy.126089.31179.28520
- Size: 1.0MB
- Sample: 220725-lk4gnabhhr
- MD5: 65abd0d33c1d0689c23d59685818c62e
- SHA1: 2f68ceaff6e150b295581ca7aa87d6f69a10ea70
- SHA256: e563583b0bcc2d9fe2ea1af244f452acb1daa69aa3dd79e54dd5c35fc7e5f362
- SHA512: 58ee273c009365ccb36f40e7a5eb00c3f66f5a6a28861d4818b6057219f0fe1791ca9d12aef8539ee84709d183099f5223460787627fc3bd5a5d67a7af871ce0
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Variant.Tedy.126089.31179.exe
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Variant.Tedy.126089.31179.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.valvulasthermovalve.cl
- Port: 21
- Username: cva19491@valvulasthermovalve.cl
- Password: LILKOOLL14!!
Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://ftp.valvulasthermovalve.cl/
- Port: 21
- Username: cva19491@valvulasthermovalve.cl
- Password: LILKOOLL14!!
Targets
- Target: SecuriteInfo.com.Variant.Tedy.126089.31179.28520
- Size: 1.0MB
- MD5: 65abd0d33c1d0689c23d59685818c62e
- SHA1: 2f68ceaff6e150b295581ca7aa87d6f69a10ea70
- SHA256: e563583b0bcc2d9fe2ea1af244f452acb1daa69aa3dd79e54dd5c35fc7e5f362
- SHA512: 58ee273c009365ccb36f40e7a5eb00c3f66f5a6a28861d4818b6057219f0fe1791ca9d12aef8539ee84709d183099f5223460787627fc3bd5a5d67a7af871ce0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext