General
- Target: 6a56ed6a40bb64b9ea8103af486494c3.exe
- Size: 860KB
- Sample: 221001-jgzcesffe3
- MD5: 6a56ed6a40bb64b9ea8103af486494c3
- SHA1: 608c43c96f9fbddaa2daf33d9104a15e28525f28
- SHA256: 6cd18a9185d80ac19f1a36e9859c5277ad4bf2ad9cd82216d0730ab844917656
- SHA512: 8358ff2be422791d6915d89d2011f65a17b7a9663b9b0368f245df81671bae003642bba5ffa78cdae6dcf21f2ef76cf962ff76ef2312b732996f20ea29d494fa
- SSDEEP: 12288:64D/cJkA+mHwIvXFRnv0S/pHajSOnnvNvNuN2wo360472L/4lzISNGemF255:64ACGJRh/p6WcvWa6Ta4l9
Static task: static1
Behavioral task: behavioral1
- Sample: 6a56ed6a40bb64b9ea8103af486494c3.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 6a56ed6a40bb64b9ea8103af486494c3.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.valvulasthermovalve.cl
- Port: 21
- Username: cva19491@valvulasthermovalve.cl
- Password: LILKOOLL14!!
Extracted
- Family: agenttesla
- Protocol: ftp
- Host: ftp://ftp.valvulasthermovalve.cl/
- Port: 21
- Username: cva19491@valvulasthermovalve.cl
- Password: LILKOOLL14!!
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext