General
-
Target
3e8538df66efc0c110ba8bca5f3f6e02aefe24f80f622b97731f46f958803f86
-
Size
988KB
-
Sample
221003-bcgyksbchm
-
MD5
d26c8282cb80ad25f07b769fb2152dff
-
SHA1
a3f42a6f49f6219b3a5ba9e2f3ac3b80f7beee78
-
SHA256
3e8538df66efc0c110ba8bca5f3f6e02aefe24f80f622b97731f46f958803f86
-
SHA512
c3353e58905087155744fc25c978a61f28069d8108fe8fec971bdcaf58cb51ae193b6bd45005132250adc27e27b3ec1e4141c708267274d4738427c7f1329388
-
SSDEEP
12288:2S/nb8oh1rgtC0DagQY+5pJIUkjErhAQOV3a810F9+OToal1K4HTN:38ekagU5I5iAQO1CJl
Static task
static1
Behavioral task
behavioral1
Sample
3e8538df66efc0c110ba8bca5f3f6e02aefe24f80f622b97731f46f958803f86.exe
Resource
win10-20220812-en
Malware Config
Extracted
Protocol: ftp
-
Host: 192.3.223.202
-
Port: 21
-
Username: ftplogs
-
Password: sPkZ7jK7P6aA
Targets
-
Target
3e8538df66efc0c110ba8bca5f3f6e02aefe24f80f622b97731f46f958803f86
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (originally Visual Basic .NET). It harvests saved credentials from browsers and mail clients and exfiltrates them over FTP, SMTP or HTTP; the extracted FTP configuration above is that exfiltration channel.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
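The four behaviours this report attributes to the sample (Outlook profile access, Run key persistence, SetThreadContext injection, and exfiltration to the extracted FTP host) are the kind of thing an analyst turns into detection logic. The block below is an added example, not code from the sandbox or the report: it correlates those behaviours over a few sandbox-style telemetry events. The events, PIDs, image paths, field names and the "op" vocabulary are constructed for illustration and do not reproduce the sandbox's real schema or this sample's actual process tree; only the host and port come from the extracted config. The extracted username and password are attacker infrastructure credentials and are deliberately not used to connect to anything here.

```python
# Added example, not the sandbox's code: correlate the report's signatures over
# constructed sandbox-style telemetry. Field names and "op" values are an assumed
# generic schema, not any product's real log format.
from collections import defaultdict

# Exfiltration endpoint taken from the extracted config in this report.
C2_HOST = "192.3.223.202"
C2_PORT = 21

# Constructed telemetry. PID 4120 stands in for the sample, 4188 for a process it
# hollows, and 900 for unrelated background activity that rules must not chase.
SAMPLE_EVENTS = [
    {"ts": 1, "op": "process_create", "pid": 4120, "ppid": 3200,
     "image": r"C:\Users\u\Desktop\sample.exe"},
    {"ts": 2, "op": "reg_query_value", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002",
     "value": "IMAP Password"},
    {"ts": 3, "op": "reg_set_value", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\u\AppData\Roaming\updater.exe"},
    {"ts": 4, "op": "process_create", "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "flags": ["CREATE_SUSPENDED"]},
    {"ts": 5, "op": "set_thread_context", "pid": 4120, "target_pid": 4188},
    {"ts": 6, "op": "net_connect", "pid": 4188, "proto": "tcp",
     "dst_ip": "192.3.223.202", "dst_port": 21},
    {"ts": 7, "op": "net_connect", "pid": 900, "proto": "tcp",
     "dst_ip": "10.0.0.5", "dst_port": 443},
    {"ts": 8, "op": "reg_set_value", "pid": 900,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]


def process_tree(events, root_pid):
    """PIDs of root_pid and every descendant, following process_create ppid links."""
    children = defaultdict(set)
    for e in events:
        if e["op"] == "process_create":
            children[e["ppid"]].add(e["pid"])
    tree, stack = set(), [root_pid]
    while stack:
        pid = stack.pop()
        if pid not in tree:
            tree.add(pid)
            stack.extend(children[pid])
    return tree


def match_signatures(events, pids):
    """Map each behaviour named in the report to the timestamps of events that
    support it, considering only processes in `pids`."""
    hits = defaultdict(list)
    for e in events:
        if e["pid"] not in pids:
            continue
        op = e["op"]
        if (op == "reg_query_value" and "\\Microsoft\\Office\\" in e["key"]
                and "\\Outlook\\Profiles\\" in e["key"]):
            hits["Accesses Microsoft Outlook profiles"].append(e["ts"])
        elif op == "reg_set_value" and e["key"].endswith(
                (r"\CurrentVersion\Run", r"\CurrentVersion\RunOnce")):
            hits["Adds Run key to start application"].append(e["ts"])
        elif op == "set_thread_context" and e["target_pid"] != e["pid"]:
            # Rewriting another process's thread context is the injection tell.
            hits["Suspicious use of SetThreadContext"].append(e["ts"])
        elif op == "net_connect" and e["dst_ip"] == C2_HOST and e["dst_port"] == C2_PORT:
            hits["Connects to extracted FTP C2"].append(e["ts"])
    return dict(hits)


def hollowing_targets(events, pids):
    """Processes the tree created suspended and then gave a new thread context:
    the process-hollowing pattern behind the SetThreadContext signature."""
    suspended = {e["pid"] for e in events
                 if e["op"] == "process_create" and e["ppid"] in pids
                 and "CREATE_SUSPENDED" in e.get("flags", [])}
    return {e["target_pid"] for e in events
            if e["op"] == "set_thread_context" and e["pid"] in pids
            and e["target_pid"] in suspended}


def verdict(events, root_pid):
    """Signatures hit by the sample's tree, hollowed PIDs, and a boolean verdict:
    a config match plus at least one other behaviour confirms the family."""
    tree = process_tree(events, root_pid)
    hits = match_signatures(events, tree)
    hollowed = hollowing_targets(events, tree)
    confirmed = "Connects to extracted FTP C2" in hits and len(hits) >= 2
    return hits, hollowed, confirmed


if __name__ == "__main__":
    hits, hollowed, confirmed = verdict(SAMPLE_EVENTS, 4120)
    for name, ts in hits.items():
        print(f"{name}: events {ts}")
    print("hollowed:", sorted(hollowed), "confirmed:", confirmed)
```

Run on its own, the block reports all four behaviours for the sample's tree and names PID 4188 as the hollowed process. The unrelated PID 900 also trips the Run key rule (a legitimate OneDrive autostart), which is why the verdict requires the network indicator from the extracted config plus at least one further behaviour rather than any single signature.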