General
Target: mel9.chm
Size: 13KB
Sample: 221208-nckqpahg79
MD5: e7a3bc55f52eebb6ce7df0a0047fec40
SHA1: b152e0d6abc8dab4500aaa4161dac968e54cad20
SHA256: 908d78eb614a8ecf652163a4ccbdf62deec33d03747d4342d4f90e5bcf7995d8
SHA512: 3537fee98df7a02510e65c4a7fbe302e154d37e5ea497fe2677936f3442afc565a4a6307a870971ca3f45a8d25bee50b71a04c515664737cbe72d4031a186a81
SSDEEP: 192:8FYhJztroZ7rRXcAU9aoSpW9KZYtsufMCKv6:gYjtroZ7rAv9yYtsuFKv
Static task: static1
Behavioral task: behavioral1
  Sample: mel9.chm
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: mel9.chm
  Resource: win10v2004-20221111-en
Malware Config
Extracted: https://cricot2.kylos.pl/mel9.txt
Extracted: agenttesla
  Protocol: ftp - Host: ftp://ftp.peva.it - Port: 21 - Username: anita@peva.it - Password: Team2318!@#
Targets
Target: mel9.chm
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext