General
Target: 3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
Size: 355KB
Sample: 230207-bcg9cagg56
MD5: e95980e4715a5954354a424d5bdd02c0
SHA1: e72c54b9635ff3704aaaba011838f5f63b22aa24
SHA256: 3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
SHA512: 76b14a6c5c2bf936980be636ad19e018eee4ce510e1463b81c5366c35b2ef31d9c9e3ebc29144530bfddad4fb0c929d1605983c4b20f114bcffa47b3652294c8
SSDEEP: 6144:qSwXTsi2f806NfZByBLFJwDtIUUy0zRukgHrzR139Yo0ti:qjAi2k1lZBiLf2S5Ek0zsi
Static task: static1
Behavioral task: behavioral1
  Sample: 3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.mgcpakistan.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target: 3bd5dde45761f8ea8159da50737de3b57cb29fc21ffbf7496d57ffb9009fa07d
Size: 355KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext