General
-
Target
3b104fc01064b1cf703af9e8483e0c81c972c8f9da8c7927efebc1ef6409d22e.exe
-
Size
682KB
-
Sample
221206-pllvsagg89
-
MD5
3342ecea8451b002637da5e1d9a1eff5
-
SHA1
21efe866ee27384c86186ba7c6c21f6cde28aae9
-
SHA256
3b104fc01064b1cf703af9e8483e0c81c972c8f9da8c7927efebc1ef6409d22e
-
SHA512
e24f646f498b4035f58b0f318ccf0beb58ade3f289f77314bdab3c402fa1e680995d2dd198ddfc9dfcf89d609abcf0a35b52174f2b15644c33171687bf770f7a
-
SSDEEP
12288:R8xIZxD7RP5sfclEPMRHX0MKrPOqRa78VsuNtGHobvGsZPbLj:R8xlqxRX0rPDu8VsuaH+GcbL
Malware Config
Extracted
Protocol: ftp- Host:
ftp.alonsorojasmudanzasnacionales.com - Port:
21 - Username:
[email protected] - Password:
SWIrh1JT66[P
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.alonsorojasmudanzasnacionales.com/ - Port:
21 - Username:
[email protected] - Password:
SWIrh1JT66[P
Targets
-
-
Target
3b104fc01064b1cf703af9e8483e0c81c972c8f9da8c7927efebc1ef6409d22e.exe
-
Size
682KB
-
MD5
3342ecea8451b002637da5e1d9a1eff5
-
SHA1
21efe866ee27384c86186ba7c6c21f6cde28aae9
-
SHA256
3b104fc01064b1cf703af9e8483e0c81c972c8f9da8c7927efebc1ef6409d22e
-
SHA512
e24f646f498b4035f58b0f318ccf0beb58ade3f289f77314bdab3c402fa1e680995d2dd198ddfc9dfcf89d609abcf0a35b52174f2b15644c33171687bf770f7a
-
SSDEEP
12288:R8xIZxD7RP5sfclEPMRHX0MKrPOqRa78VsuNtGHobvGsZPbLj:R8xlqxRX0rPDu8VsuaH+GcbL
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-