General
Target: 2cc5613a828da926b27d2d6f11e8c76cd3ecec170b31c65e7a6392b577355d31
Size: 589KB
Sample: 230207-bb81nsgg53
MD5: 485801a43af8306af1bdb36f89cbed73
SHA1: 6b66e255ec5822d4793688361e844bb189c47eaa
SHA256: 2cc5613a828da926b27d2d6f11e8c76cd3ecec170b31c65e7a6392b577355d31
SHA512: 0370922cc1c2bf9b77524848ee3ae875f41e82e63128a68476cdb492e7a5c7df35a35ac2e8006f971396402be878a5886b97763fbffb42314643a0da3dfc79a4
SSDEEP: 6144:ZUKu7o6dz5TntnwnZRN2a6GhWcM3+ci/aDLuUV0rh8a8mVWHa7ZqonK:ZUjU6d1Ttnyd3LViVFa8/cqj
Static task: static1
Behavioral task: behavioral1
  Sample: 2cc5613a828da926b27d2d6f11e8c76cd3ecec170b31c65e7a6392b577355d31.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 2cc5613a828da926b27d2d6f11e8c76cd3ecec170b31c65e7a6392b577355d31.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.mgcpakistan.com/
Port: 21
Username: [email protected]
Password: boygirl123456
These values are hard-coded in the sample: the stealer logs in to this FTP account to upload harvested data, so the host and port are usable as network indicators and the account should be treated as attacker-controlled. The username is redacted as shown.
Targets
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It logs keystrokes, harvests saved credentials from browsers, mail and FTP clients, and exfiltrates them over SMTP, FTP or HTTP; this sample uses FTP, as the extracted config above shows.
AgentTesla payload
Accesses Microsoft Outlook profiles: the sample reads the Outlook profile data stored under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, which holds account settings and stored mail credentials.
Suspicious use of SetThreadContext: the sample sets the register context of another thread, the step used in process hollowing and similar injection techniques to redirect a suspended thread to an injected payload's entry point.
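The following is an added example, not part of the sandbox report. It turns the extracted config above into network indicators and maps the "Accesses Microsoft Outlook profiles" signature onto Sysmon-style host telemetry; the SetThreadContext signature is an API-level observation that does not appear in such telemetry, so it is not checked here. The log events, the victim SID and the sample's on-disk path are constructed for illustration; only the config values come from the report.

```python
"""Triage helper for the AgentTesla report above (added example code).

parse_config() reads the 'Key: value - Key: value' layout the report uses and
normalises host/port; the checks then run over constructed Sysmon-style events.
"""
import re
from urllib.parse import urlparse

# Extracted config as laid out on the report page. The username is redacted
# on the page, so no check below relies on it.
EXTRACTED_CONFIG = """Protocol: ftp- Host:
ftp://ftp.mgcpakistan.com/ - Port:
21 - Username:
[email protected] - Password:
boygirl123456"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(text: str) -> dict:
    """Parse the report's config block into a dict.

    Host is reduced to a bare hostname and Port to an int so the values can be
    compared directly against connection logs.
    """
    flat = " ".join(text.split())
    alt = "|".join(KEYS)
    pattern = re.compile(r"(%s):\s*(.*?)(?=\s*-?\s*(?:%s):|$)" % (alt, alt))
    cfg = {k.lower(): v.strip(" -") for k, v in pattern.findall(flat)}
    cfg["host"] = (urlparse(cfg["host"]).hostname or cfg["host"]).lower()
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed telemetry. Sysmon event IDs: 3 = network connection,
# 12 = registry key created/deleted, 13 = registry value set.
# The sample's path and the victim SID are assumptions, not from the report.
SAMPLE_IMAGE = (r"C:\Users\victim\AppData\Local\Temp"
                r"\2cc5613a828da926b27d2d6f11e8c76cd3ecec170b31c65e7a6392b577355d31.exe")
OUTLOOK_PROFILE_KEY = (r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                       r"\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
                       r"\9375CFF0413111d3B88A00104B2A6676\00000002")

SAMPLE_EVENTS = [
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_host": "addons.mozilla.org", "dst_port": 443},
    {"id": 12, "image": SAMPLE_IMAGE, "target": OUTLOOK_PROFILE_KEY + r"\Email"},
    {"id": 13, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "target": OUTLOOK_PROFILE_KEY + r"\Email"},
    {"id": 3, "image": SAMPLE_IMAGE, "dst_host": "ftp.mgcpakistan.com", "dst_port": 21},
]

# Outlook profile locations: Office 2013+ keeps them under the Office version
# key; Outlook 2010 and earlier used the Windows Messaging Subsystem key.
OUTLOOK_PROFILE_PATTERNS = (
    re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\", re.I),
    re.compile(r"\\Windows Messaging Subsystem\\Profiles\\", re.I),
)
OUTLOOK_IMAGES = ("outlook.exe",)


def exfil_connections(events, cfg):
    """Return images that connected to the configured FTP drop host and port."""
    return [e["image"] for e in events
            if e["id"] == 3
            and e.get("dst_host", "").lower() == cfg["host"]
            and e.get("dst_port") == cfg["port"]]


def outlook_profile_access(events):
    """Return non-Outlook images touching the Outlook profile registry keys.

    Outlook itself legitimately maintains these keys and is excluded; any other
    process reading them is harvesting stored mail account configuration.
    """
    hits = []
    for e in events:
        if e["id"] not in (12, 13):
            continue
        if e["image"].lower().rsplit("\\", 1)[-1] in OUTLOOK_IMAGES:
            continue
        if any(p.search(e["target"]) for p in OUTLOOK_PROFILE_PATTERNS):
            hits.append(e["image"])
    return hits


def triage(events, cfg):
    """Run both checks and return the offending image paths per signature."""
    return {"exfil": exfil_connections(events, cfg),
            "outlook_profile_access": outlook_profile_access(events)}


if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    print("drop host:", config["host"], "port:", config["port"])
    for name, images in triage(SAMPLE_EVENTS, config).items():
        print(name, "->", images)
```

Against the constructed events only the sample's own image is reported for both checks: Firefox's HTTPS connection and Outlook's own write to its profile key are ignored, while the sample's connection to ftp.mgcpakistan.com:21 and its read of the profile key are flagged.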