General

Target: a231867aa2f69e92df3316a690bffb83.exe
Size: 958KB
Sample: 221210-kyw43afc57
MD5: a231867aa2f69e92df3316a690bffb83
SHA1: 7648101af557933157c7d039656b33e5f081385c
SHA256: 41cafe6bef34f95a60f53f863bce19203694e9799be506fc3a3b24a68ebde719
SHA512: d3d5c85913c809b948793bc6760d0b364307d776ec406bffeeb52afaa8f5b274fddbe5c209ce60be2333a3ce678894c275bd16b0af818a3a89a04645e6cefcca
SSDEEP: 12288:uTcr2iNhVZNYYC8AxdDlZDDems2CckEyExos1ywoE+2fZAAVoVgc41Bp3Da7bLBu:ugr1nQRFKmEcrPas1B+2xHooPObLBI
Static task: static1
Behavioral task: behavioral1, sample a231867aa2f69e92df3316a690bffb83.exe, resource win7-20220901-en
Behavioral task: behavioral2, sample a231867aa2f69e92df3316a690bffb83.exe, resource win10v2004-20221111-en
Malware Config

Extracted
Protocol: ftp
Host: ftp.valvulasthermovalve.cl
Port: 21
Username: [email protected]
Password: LILKOOLL14!!

Extracted (agenttesla)
Protocol: ftp
Host: ftp://ftp.valvulasthermovalve.cl/
Port: 21
Username: [email protected]
Password: LILKOOLL14!!

Both extractions are the same FTP exfiltration credential, printed once as a bare hostname and once as a URL; any IOC list or allow-list built from this page must normalise the two forms to one host. The username is shown as [email protected] because the report's address obfuscation replaced it, so the real account name is not recoverable from this page; hunt on the host and port, not on that placeholder.
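The following Python is an added hunting helper built around the extracted config above; it is not part of the sandbox report or of any Triage tooling. It parses the "Extracted" block into a record, normalises the two host spellings the report prints, scans FTP control-channel log lines for sessions to the C2 host and port, and emits a Suricata DNS rule for the exfil hostname. The config copy, the log lines and their column layout (timestamp, source IP, destination host, destination port, FTP command) are constructed for the example, and the rule's sid is a placeholder.

```python
"""Hunting helper built from the AgentTesla FTP config extracted above.

Added example, not part of the sandbox report. The config text and the
log lines are constructed for the example; the log column layout
(timestamp, source IP, destination host, destination port, FTP command)
is an assumption, not any product's schema.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed copy of the report's second "Extracted" block (agenttesla).
EXTRACTED_CONFIG = """\
Protocol: ftp
Host: ftp://ftp.valvulasthermovalve.cl/
Port: 21
Username: [email protected]
Password: LILKOOLL14!!
"""

# Constructed FTP control-channel log lines; the first three are one exfil
# session, the last two are decoys (other server; right host, wrong port).
LOG_LINES = [
    "2022-12-10T10:51:58Z 10.0.0.5 ftp.valvulasthermovalve.cl 21 USER [email protected]",
    "2022-12-10T10:51:58Z 10.0.0.5 ftp.valvulasthermovalve.cl 21 PASS ********",
    "2022-12-10T10:52:03Z 10.0.0.5 ftp.valvulasthermovalve.cl 21 STOR upload.txt",
    "2022-12-10T11:00:00Z 10.0.0.7 ftp.example.org 21 USER anonymous",
    "2022-12-10T11:00:05Z 10.0.0.9 FTP.VALVULASTHERMOVALVE.CL 2121 USER test",
]


@dataclass(frozen=True)
class FtpC2:
    protocol: str
    host: str       # bare, lower-cased hostname
    port: int
    username: str   # as printed in the report (obfuscation placeholder)
    password: str


def normalize_host(value: str) -> str:
    """Reduce 'ftp://ftp.x.cl/' or 'ftp.x.cl' to the bare lower-case hostname.

    The report prints the same server both ways, so anything that compares
    hosts (IOC matching, allow-lists) must normalise first.
    """
    value = value.strip()
    if "://" in value:
        return (urlparse(value).hostname or "").lower()
    return value.strip("/").lower()


def parse_extracted(text: str) -> FtpC2:
    """Parse a 'Key: value' config block into an FtpC2 record."""
    fields = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            fields[key.strip().lower()] = val.strip()
    return FtpC2(
        protocol=fields["protocol"].lower(),
        host=normalize_host(fields["host"]),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def find_c2_sessions(lines, c2: FtpC2):
    """Return log lines whose destination host and port match the C2.

    Matching is on host+port only: the username on the page is an
    obfuscation placeholder and the password never appears in logs.
    """
    hits = []
    for line in lines:
        parts = line.split(maxsplit=4)
        if len(parts) < 5:
            continue  # malformed or truncated line
        _ts, _src, dst_host, dst_port, _cmd = parts
        if normalize_host(dst_host) == c2.host and int(dst_port) == c2.port:
            hits.append(line)
    return hits


def suricata_rule(c2: FtpC2, sid: int = 1000001) -> str:
    """Emit a Suricata DNS-query rule for the exfil host (sid is a placeholder)."""
    return (
        f'alert dns any any -> any any '
        f'(msg:"AgentTesla FTP exfil host lookup {c2.host}"; '
        f'dns.query; content:"{c2.host}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    c2 = parse_extracted(EXTRACTED_CONFIG)
    print(c2)
    for hit in find_c2_sessions(LOG_LINES, c2):
        print("C2 session:", hit)
    print(suricata_rule(c2))
```

The host-plus-port match deliberately ignores the decoy on port 2121: a rule keyed on hostname alone would fire on unrelated traffic to the same (possibly shared, legitimate) hosting server, while the port pins it to the FTP service the config names.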
Targets
Target: a231867aa2f69e92df3316a690bffb83.exe, 958KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the family was originally written in Visual Basic .NET. The FTP credential in the Malware Config section is its exfiltration channel, where harvested data is uploaded, rather than a server the sample pulls commands from.
- Accesses Microsoft Outlook profiles: the sample reads the Outlook profile data that holds stored mail account settings and credentials, consistent with Agent Tesla's credential harvesting.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread in another process is the usual last step of process hollowing or injection (pointing a suspended thread at injected code), so the final payload likely runs inside a hollowed host process, not only in the dropped .exe; memory-resident detection should look at that host process.