General

- Target: 943089ba13faf44a75c9624e2b68af1f561d5567bb4ba7cf4a2596b129da6a2b
- Size: 888KB
- Sample: 221003-lcl8eahdan
- MD5: 9a9cb1f7f37aa3955cfb4d8991583e31
- SHA1: 8d63b02db5ce9bb9bb1691ab4a5282d18078191a
- SHA256: 943089ba13faf44a75c9624e2b68af1f561d5567bb4ba7cf4a2596b129da6a2b
- SHA512: d018ecbd1cb1cea36a4e24e30525e64a1e44d0505859de1dcb93511d2e5a77f508ed0284114387da67dfcb0294d5bd15e5cf9d8629adc99e013660affa2dbac4
- SSDEEP: 12288:kK4HTNWk67oi/z0xXi5nv9OZT5fEKD501+owI73IskA2IaBunfuEhp+0:ME4xgv9OjbD/owE3IsH2cnmS
Tasks

- Static task: static1
- Behavioral task: behavioral1
  - Sample: 943089ba13faf44a75c9624e2b68af1f561d5567bb4ba7cf4a2596b129da6a2b.exe
  - Resource: win10-20220812-en
Malware Config

Extracted

- Protocol: ftp
- Host: ftp.valvulasthermovalve.cl
- Port: 21
- Username: cva19491@valvulasthermovalve.cl
- Password: LILKOOLL14!!
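The extracted config is the sample's exfiltration channel: an FTP account the stealer logs in to and uploads harvested credentials to. The following is an added example, not part of the sandbox report, of turning those values into a detection over FTP control-channel commands. The log format (one "client -> server:port | COMMAND [arg]" line per command) is constructed for illustration; the host, port and username are the indicators from the extracted config above. It also flags logins to the same host under a different account, since stealer infrastructure is frequently reused.

```python
"""Correlate FTP control-channel commands per session and flag logins that
match the exfiltration account extracted from this sample.

Added example, not part of the sandbox report. The log format, one
"client -> server:port | COMMAND [arg]" line per command, is constructed for
illustration; host, port and username come from the extracted config above.
"""
import re
from collections import OrderedDict

# Indicators from the extracted config on this page.
EXFIL_HOST = "ftp.valvulasthermovalve.cl"
EXFIL_PORT = 21
EXFIL_USER = "cva19491@valvulasthermovalve.cl"

LINE_RE = re.compile(
    r"^(?P<src>\S+)\s*->\s*(?P<host>[^\s:]+):(?P<port>\d+)\s*\|\s*"
    r"(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*))?$"
)

# Constructed log: a benign anonymous session, the stealer's upload session,
# and a third host that reuses the same FTP server under another account.
SAMPLE_LOG = """\
10.0.0.7 -> ftp.example.org:21 | USER anonymous
10.0.0.7 -> ftp.example.org:21 | PASS guest
10.0.0.7 -> ftp.example.org:21 | RETR readme.txt
10.0.0.23 -> ftp.valvulasthermovalve.cl:21 | USER cva19491@valvulasthermovalve.cl
10.0.0.23 -> ftp.valvulasthermovalve.cl:21 | PASS LILKOOLL14!!
10.0.0.23 -> ftp.valvulasthermovalve.cl:21 | TYPE I
10.0.0.23 -> ftp.valvulasthermovalve.cl:21 | STOR creds_DESKTOP-01.html
10.0.0.31 -> ftp.valvulasthermovalve.cl:21 | USER backup
10.0.0.31 -> ftp.valvulasthermovalve.cl:21 | PASS hunter2
10.0.0.31 -> ftp.valvulasthermovalve.cl:21 | STOR nightly.tar
"""


def correlate_ftp(log: str):
    """Return one finding per session that logs in to the exfil host.

    severity "high": the known stealer account was used;
    severity "medium": same host and port but another account, which still
    deserves a look because the infrastructure matches.
    """
    sessions = OrderedDict()  # (src, host, port) -> session state, in first-seen order
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a control-channel command line
        key = (m["src"], m["host"].lower(), int(m["port"]))
        s = sessions.setdefault(
            key, {"src": key[0], "host": key[1], "port": key[2], "user": None, "uploads": []}
        )
        cmd, arg = m["cmd"].upper(), (m["arg"] or "").strip()
        if cmd == "USER":
            s["user"] = arg
        elif cmd == "STOR":
            s["uploads"].append(arg)  # files pushed to the server in this session

    findings = []
    for s in sessions.values():
        if s["host"] != EXFIL_HOST or s["port"] != EXFIL_PORT:
            continue
        severity = "high" if s["user"] == EXFIL_USER else "medium"
        findings.append({**s, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in correlate_ftp(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['src']} -> {f['host']} as {f['user']!r}, uploads={f['uploads']}")
```

Matching on the host alone would also catch a legitimate customer of that FTP server, which is why the account name drives the severity: the host is a weak indicator, the stolen account a strong one.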
Targets

- Target: 943089ba13faf44a75c9624e2b68af1f561d5567bb4ba7cf4a2596b129da6a2b
- Size: 888KB
- MD5: 9a9cb1f7f37aa3955cfb4d8991583e31
- SHA1: 8d63b02db5ce9bb9bb1691ab4a5282d18078191a
- SHA256: 943089ba13faf44a75c9624e2b68af1f561d5567bb4ba7cf4a2596b129da6a2b
- SHA512: d018ecbd1cb1cea36a4e24e30525e64a1e44d0505859de1dcb93511d2e5a77f508ed0284114387da67dfcb0294d5bd15e5cf9d8629adc99e013660affa2dbac4
- SSDEEP: 12288:kK4HTNWk67oi/z0xXi5nv9OZT5fEKD501+owI73IskA2IaBunfuEhp+0:ME4xgv9OjbD/owE3IsH2cnmS
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and credential stealer (Visual Basic .NET). The config extracted for this sample shows it exfiltrating over FTP.
- Accesses Microsoft Outlook profiles
  Reads stored mail-client profiles, the usual source of the e-mail credentials this family harvests.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is characteristic of process hollowing: a process is started suspended, its memory is overwritten with the payload, and the main thread's entry point is redirected before it is resumed.
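The SetThreadContext signature is only meaningful in context: the call is legitimate on its own, and what makes it suspicious is the surrounding chain of a suspended CreateProcess, writes into the child, the context change and a ResumeThread. The following is an added example, not the sandbox's own detection logic, that flags that chain in an API trace. The one-line-per-call format ("pid Api(key=value, ...) -> result") is constructed for illustration; real sandbox reports differ, so only the parsing would need to change. Handle values in the sample are written as the raw pid and tid so the chain can be followed without a handle table.

```python
"""Flag the process-hollowing call chain that makes SetThreadContext
suspicious in a sandbox API trace.

Added example, not the sandbox's own detection logic. The trace format
("pid Api(key=value, ...) -> result", one call per line) is constructed for
illustration; handle values are written as the raw pid/tid for readability.
"""
import re
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')

# Constructed trace: a child started suspended, its image unmapped and
# rewritten, the main thread's context changed, then resumed. The last
# CreateProcessW is an ordinary (non-suspended) spawn and must not be flagged.
SAMPLE_TRACE = """\
1234 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\notepad.exe", dwCreationFlags=0x4) -> pid=5678 tid=5679
1234 NtUnmapViewOfSection(hProcess=5678, BaseAddress=0x400000) -> 0
1234 VirtualAllocEx(hProcess=5678, lpAddress=0x400000, dwSize=0x2a000, flProtect=0x40) -> 0x400000
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x400000, nSize=0x400) -> 1
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x401000, nSize=0x29000) -> 1
1234 SetThreadContext(hThread=5679, Eax=0x40a5c0) -> 1
1234 ResumeThread(hThread=5679) -> 1
1234 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\cmd.exe", dwCreationFlags=0x0) -> pid=9000 tid=9001
"""


@dataclass
class Child:
    pid: int
    tid: int
    image: str
    suspended: bool
    writes: int = 0          # WriteProcessMemory calls into this child
    unmapped: bool = False   # NtUnmapViewOfSection seen (classic hollowing)
    context_set: bool = False


def _parse_kv(text: str) -> dict:
    """Turn 'a=1, b="x y"' into {'a': '1', 'b': 'x y'}."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}


def _int(value: str) -> int:
    return int(value, 0)  # accepts both decimal and 0x-prefixed values


def detect_hollowing(trace: str):
    """Return one finding per child that is resumed after being written to
    and having its thread context rewritten while suspended."""
    children = {}    # child pid -> Child
    tid_to_pid = {}  # child main thread id -> child pid
    findings = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        api, args, ret = m["api"], _parse_kv(m["args"]), _parse_kv(m["ret"])
        if api.startswith("CreateProcess") and "pid" in ret:
            flags = _int(args.get("dwCreationFlags", "0"))
            pid, tid = _int(ret["pid"]), _int(ret["tid"])
            children[pid] = Child(pid, tid, args.get("lpApplicationName", ""),
                                  bool(flags & CREATE_SUSPENDED))
            tid_to_pid[tid] = pid
        elif api == "NtUnmapViewOfSection":
            c = children.get(_int(args.get("hProcess", "0")))
            if c:
                c.unmapped = True
        elif api == "WriteProcessMemory":
            c = children.get(_int(args.get("hProcess", "0")))
            if c:
                c.writes += 1
        elif api == "SetThreadContext":
            c = children.get(tid_to_pid.get(_int(args.get("hThread", "0")), -1))
            if c:
                c.context_set = True
        elif api == "ResumeThread":
            c = children.get(tid_to_pid.get(_int(args.get("hThread", "0")), -1))
            if c and c.suspended and c.context_set and c.writes:
                findings.append({"parent_pid": int(m["pid"]), "child_pid": c.pid,
                                 "image": c.image, "writes": c.writes,
                                 "unmapped": c.unmapped})
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print("process hollowing:", f)
```

Requiring all three conditions (suspended start, writes into the child, context rewritten before resume) keeps debuggers and legitimate injectors that only set a breakpoint context out of the alert; the NtUnmapViewOfSection flag is reported but not required, since newer loaders overwrite the image without unmapping it.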