General
Target: 2ed34f781f615ce69ea9a63c0ac0756f.exe
Size: 771KB
Sample: 221001-jgzcesgfgm
MD5: 2ed34f781f615ce69ea9a63c0ac0756f
SHA1: c2271ac5a63a74357c70e5435976517142e2972c
SHA256: 854f5d2587bb6c0cddef7ad1228dc22a5841e09fc231550a2c3bf08f23898afe
SHA512: f9f4f6ba47b15fd6e4c635d12aa54b8eb950417b52abd06b7103a88c86bf76c805b177c7bd00054b7540aee85b419985925ba2dbb0d53b7251086704960dcc06
SSDEEP: 12288:dAMx4TNqwLnH7uRJjxjgfFRZfhDJRpmVhMIZZJPar2sguP7cBPFwKj:Zeq2iRJjxAd1YpZ2r2sji5j
Static task: static1
Behavioral task: behavioral1 (Sample: 2ed34f781f615ce69ea9a63c0ac0756f.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: 2ed34f781f615ce69ea9a63c0ac0756f.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted
Protocol: ftp
Host: ftp.valvulasthermovalve.cl
Port: 21
Username: cva19491@valvulasthermovalve.cl
Password: LILKOOLL14!!
Extracted (agenttesla)
Protocol: ftp
Host: ftp://ftp.valvulasthermovalve.cl/
Port: 21
Username: cva19491@valvulasthermovalve.cl
Password: LILKOOLL14!!
Targets
Target: 2ed34f781f615ce69ea9a63c0ac0756f.exe (771KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext