General
-
Target
abcbfb77b90cf689894d886c143b18e00c5ac84f9577741f7918c9f939a3484b
-
Size
1.0MB
-
Sample
221003-qkrkbaghf9
-
MD5
5e462918f7ae0b77e2b77ac631c0d112
-
SHA1
7bfc16fc2514d138e2c371d3e54cdb2a9f75b717
-
SHA256
abcbfb77b90cf689894d886c143b18e00c5ac84f9577741f7918c9f939a3484b
-
SHA512
be52088def63e81d71b265c09331f8b720904f6538f217d6581586843f7f50cce5f2cecee84ae8822a2d013c1a5a1517cee6133cf9d5bff540d0109ab763a87a
-
SSDEEP
12288:E/ff32iNLK4HTNnFeUqkiLtj7SPZatN591Dyp+c0raHXmdSvk/WW3Slb74:Enf31HFeUqLUotN59ByIqtvk/WW3Slb
Static task
static1
Behavioral task
behavioral1
Sample
abcbfb77b90cf689894d886c143b18e00c5ac84f9577741f7918c9f939a3484b.exe
Resource
win10-20220901-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.valvulasthermovalve.cl
Port: 21
Username: cva19491@valvulasthermovalve.cl
Password: LILKOOLL14!!
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.valvulasthermovalve.cl/
Port: 21
Username: cva19491@valvulasthermovalve.cl
Password: LILKOOLL14!!
Both extractions describe the same FTP exfiltration endpoint (the second block is the one tagged agenttesla; its host differs only in being written as a URL), so the report yields a single C2 host, port and hard-coded credential pair to hunt for.
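The two "Extracted" blocks above are flattened the way the sandbox printed them, which makes them awkward to feed into blocklists or log searches by hand. The following is an added example (not code from this report or from the sandbox vendor) that parses those blocks as they appear on the page, normalises the host so the URL form and the bare-hostname form collapse into one record, and then runs the resulting indicators over a few constructed log lines. The key=value log format, the sample log lines and the `ExfilConfig` record are assumptions made for the example; the config text is a verbatim copy of the report's blocks.

```python
import re
from dataclasses import dataclass

# Verbatim copy of the two "Extracted" blocks from this report, pasted here so
# the example runs offline; nothing is downloaded or contacted.
RAW_CONFIG_BLOCKS = """\
Extracted
Protocol: ftp- Host:
ftp.valvulasthermovalve.cl - Port:
21 - Username:
cva19491@valvulasthermovalve.cl - Password:
LILKOOLL14!!
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.valvulasthermovalve.cl/ - Port:
21 - Username:
cva19491@valvulasthermovalve.cl - Password:
LILKOOLL14!!
"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
# The sandbox joins fields with "- " or " - "; split on the field label itself
# so the stray dash never ends up inside a value (e.g. "ftp-").
FIELD_SPLIT = re.compile(r"\s*-?\s*(" + "|".join(FIELDS) + r"):\s*")


@dataclass(frozen=True)
class ExfilConfig:          # assumed record shape for this example
    family: str             # "agenttesla" when the extractor tagged the block, else ""
    protocol: str
    host: str               # bare hostname, lower-case, scheme and path stripped
    port: int
    username: str
    password: str           # kept so the record is complete; treat as sensitive


def normalize_host(raw: str) -> str:
    """'ftp://ftp.example.cl/' and 'ftp.example.cl' both become 'ftp.example.cl'."""
    raw = raw.strip()
    if "://" in raw:
        raw = raw.split("://", 1)[1]
    return raw.split("/", 1)[0].rstrip(".").lower()


def parse_extracted_configs(text: str) -> list:
    """Parse every 'Extracted' block; identical endpoints merge into one record,
    preferring the copy that carries a family tag."""
    merged = {}
    for block in text.split("Extracted")[1:]:
        parts = FIELD_SPLIT.split(" ".join(block.split()))
        family = parts[0].strip()                      # text before the first field
        kv = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
        if "Host" not in kv:
            continue
        cfg = ExfilConfig(
            family=family,
            protocol=kv.get("Protocol", "").lower(),
            host=normalize_host(kv["Host"]),
            port=int(kv.get("Port", "0")),
            username=kv.get("Username", ""),
            password=kv.get("Password", ""),
        )
        key = (cfg.protocol, cfg.host, cfg.port, cfg.username)
        prev = merged.get(key)
        if prev is None or (not prev.family and cfg.family):
            merged[key] = cfg
    return list(merged.values())


# Constructed egress log lines in an invented key=value format (not output from
# the sandbox run). The third line shows the hard-coded account used against a
# different server, which a host-only blocklist would miss.
SAMPLE_LOG_LINES = [
    "ts=2022-10-03T13:09:21Z src=10.20.1.57 dst=ftp.valvulasthermovalve.cl dport=21 proto=tcp app=ftp",
    "ts=2022-10-03T13:09:22Z src=10.20.1.57 dst=update.example-cdn.net dport=443 proto=tcp app=https",
    "ts=2022-10-03T13:11:05Z src=10.20.1.88 dst=files.example.org dport=21 proto=tcp app=ftp "
    "ftp_user=cva19491@valvulasthermovalve.cl",
]


def log_matches(lines, configs) -> list:
    """Return (line, reason) pairs where a line touches an extracted C2 host or
    logs in with the malware's hard-coded FTP account."""
    hits = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        for cfg in configs:
            if normalize_host(fields.get("dst", "")) == cfg.host:
                hits.append((line, f"dst matches {cfg.family or 'extracted'} C2 host {cfg.host}"))
            elif fields.get("ftp_user", "").lower() == cfg.username.lower():
                hits.append((line, f"FTP login as hard-coded account {cfg.username}"))
    return hits


if __name__ == "__main__":
    configs = parse_extracted_configs(RAW_CONFIG_BLOCKS)
    for cfg in configs:
        print(f"{cfg.family or '-'}: {cfg.protocol}://{cfg.host}:{cfg.port} as {cfg.username}")
    for line, reason in log_matches(SAMPLE_LOG_LINES, configs):
        print(reason, "<-", line)
```

Matching on the username as well as the host is deliberate: AgentTesla operators rotate the FTP server more readily than the embedded account, and the report's own two blocks show how easily one endpoint appears in two spellings.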
Targets
-
-
Target
abcbfb77b90cf689894d886c143b18e00c5ac84f9577741f7918c9f939a3484b
-
Size
1.0MB
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic .NET and used chiefly as an information stealer; the FTP account in the extracted config above is its exfiltration channel for harvested credentials and keystrokes.
-
Accesses Microsoft Outlook profiles (the Outlook profile registry keys hold stored mail-account credentials, a standard AgentTesla harvesting target)
-
Suspicious use of SetThreadContext (typical of process hollowing: the payload is written into a suspended process and its main thread is redirected to the injected code)
-