General
Target: c846e7bbbc1f65452bdca87523edf0fd1a58cbd9a45e622e29d480d8d80ac331
Size: 350.1MB
Sample: 230206-3k5s6agd54
MD5: e6ee01eefc03e56e385cb620990516d8
SHA1: f64b4f867b05ed4ac03bfa4c61cad6cd7f51a248
SHA256: c846e7bbbc1f65452bdca87523edf0fd1a58cbd9a45e622e29d480d8d80ac331
SHA512: 89006d7f81e8abe98d5bc309c5dade672410cb39c9c58ab83c8cbcb0952e9f4415a920080efd67d3733c424e19a74b15839d3e1be7d5d1604cfd70caed406909
SSDEEP: 384:CoRiEv8uudnJ0fXHEkKLgvnnmLkgDd8yxNxDs7vOcPPhI+9wwwwwww7777jYYYz7:CaiKyoftWgvmIUdfT3cVl
Static task: static1
Behavioral task: behavioral1
Sample: c846e7bbbc1f65452bdca87523edf0fd1a58cbd9a45e622e29d480d8d80ac331.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: c846e7bbbc1f65452bdca87523edf0fd1a58cbd9a45e622e29d480d8d80ac331.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.mgcpakistan.com/
Port: 21
Username: ddd@mgcpakistan.com
Password: boygirl123456
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext