General
-
Target
SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
-
Size
860KB
-
Sample
221205-mpd81abd89
-
MD5
8b25a4752062e84aebc58310bb34b1a6
-
SHA1
a438e1909734943a1d6e469de1c5cfd6c645d44c
-
SHA256
98703e71dc16e27293e0ad64b57db76a8a9344c1eee9c92762aa5392ea9690c4
-
SHA512
5290963be9b29a7c245837c8a0c52eca84b6ee8444c60170eb8d0b441cdbf4d1fd4238a5973a22e5e4122f679f1976b24ec6b747f6c0f1db84eb5030d057fcbc
-
SSDEEP
12288:Y30ci+kg586aWHffogoZyULzVm/x9JvnB7NQbxmrM0OP6YXCN:o0Z+B5O8fozZyGzwx9J/xM046Y
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol
ftp
Host
ftp://ftp.peva.it
Port
21
Username
[email protected]
Password
Team2318!@#
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
-
Size
860KB
-
MD5
8b25a4752062e84aebc58310bb34b1a6
-
SHA1
a438e1909734943a1d6e469de1c5cfd6c645d44c
-
SHA256
98703e71dc16e27293e0ad64b57db76a8a9344c1eee9c92762aa5392ea9690c4
-
SHA512
5290963be9b29a7c245837c8a0c52eca84b6ee8444c60170eb8d0b441cdbf4d1fd4238a5973a22e5e4122f679f1976b24ec6b747f6c0f1db84eb5030d057fcbc
-
SSDEEP
12288:Y30ci+kg586aWHffogoZyULzVm/x9JvnB7NQbxmrM0OP6YXCN:o0Z+B5O8fozZyGzwx9J/xM046Y
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-