General
- Target: c602a8c1d11236ae15cef6d0506019e3.exe
- Size: 949KB
- Sample: 221129-kgjseafe6s
- MD5: c602a8c1d11236ae15cef6d0506019e3
- SHA1: 7de05fd3a996f5d804c25e8ce9f9721c56c86b48
- SHA256: 6e9e7f85765b936dbee0d489d4b30048881a558489c4c8691187a781117c9b9a
- SHA512: eb817221be3fcd13176e09160797644a8ad3ced2d281c708db23eee17a99ef1e9eea138a69ace26e6bef52290d0851bc584b484adca28173be6e2234ccf5b20e
- SSDEEP: 12288:2VvgqU+D7Zy1Z/e1jjHUQ2F6GDlFlfs6G8gieBU3nk+uOsZ72at15zCDdzoa1cfN:+vz7c1Z/eFHHmfvRkokHZF5zCDdEPf
Static task: static1
Behavioral task: behavioral1
- Sample: c602a8c1d11236ae15cef6d0506019e3.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: c602a8c1d11236ae15cef6d0506019e3.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://carbonwatt.com
- Port: 21
- Username: carbonwatt@carbonwatt.com
- Password: k)G8;,rq1MNz
Targets
- Target: c602a8c1d11236ae15cef6d0506019e3.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext