General
-
Target
4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1
-
Size
290KB
-
Sample
230207-be6dysbh9x
-
MD5
a9ab51dfa1a6f5ab8228567f8436c953
-
SHA1
126534775336fef803809a9cc76f7efa1b6f9124
-
SHA256
4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1
-
SHA512
9fc3f8c5734672d510c56ba8a47d5d0e096bb61e34e9b3e6220bfeb07cef598003e8e40ec861c239de85210a119be71b3bb908da6ee8485100f337bc020e1aac
-
SSDEEP
6144:alTB6K9zVcNWxbdC8Bmd6891RxdEnbs+tE:cTQ85xbIUe6KJEng+y
Static task
static1
Behavioral task
behavioral1
Sample
4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.mgcpakistan.com/
Port: 21
Username: [email protected]
Password: boygirl123456
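The extracted configuration above is the part of this report a responder acts on: it names the exfiltration server and the credentials the sample uses to log in. The following is an added example, not part of the sandbox report, that turns that configuration into indicators and runs them over a few FTP control-channel log lines. The log lines, their format ("timestamp src dst:port command argument") and the client IP addresses are constructed for the example; the username is left as it appears on the page (redacted), so matching is done on the destination host and on the password.

```python
"""Derive IOCs from the AgentTesla FTP config in the report and scan FTP
control-channel logs for matching sessions. Added example; the log lines
below are constructed, not captured from the sample."""
import re
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of the report. The
# username is redacted on the page, so it is not used for matching.
AGENTTESLA_CONFIG = {
    "protocol": "ftp",
    "host": "ftp://ftp.mgcpakistan.com/",
    "port": 21,
    "username": "[email protected]",
    "password": "boygirl123456",
}


def iocs_from_config(cfg):
    """Reduce the config to the indicators worth blocking or hunting on."""
    hostname = urlparse(cfg["host"]).hostname or cfg["host"]
    return {
        "hostname": hostname.lower(),
        "port": int(cfg["port"]),
        "password": cfg["password"],
    }


# Assumed log line shape: "<ts> <src> <dst>:<port> <CMD> [<arg>]"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^:\s]+):(?P<port>\d+) "
    r"(?P<cmd>[A-Z]+)(?: (?P<arg>.*))?$"
)


def scan_ftp_log(lines, iocs):
    """Return (reason, source_ip, line) for every line tied to the C2 config.

    Two match types: traffic to the configured host/port, and the configured
    password sent to any host (the same credential reused against an IP or
    a different hostname still identifies the sample's FTP account).
    """
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a control-channel record we understand
        dst, port = m["dst"].lower(), int(m["port"])
        cmd, arg = m["cmd"], (m["arg"] or "")
        if dst == iocs["hostname"] and port == iocs["port"]:
            alerts.append(("c2_host", m["src"], line))
        elif cmd == "PASS" and arg == iocs["password"]:
            alerts.append(("c2_credential", m["src"], line))
    return alerts


# Constructed sample log: one infected client talking to the configured
# server, one benign FTP session, and one client reusing the password
# against a bare IP address.
SAMPLE_LOG = [
    "2023-02-07T10:01:02Z 10.0.0.12 ftp.mgcpakistan.com:21 USER someone",
    "2023-02-07T10:01:03Z 10.0.0.12 ftp.mgcpakistan.com:21 PASS boygirl123456",
    "2023-02-07T10:01:04Z 10.0.0.12 ftp.mgcpakistan.com:21 STOR report.html",
    "2023-02-07T10:05:00Z 10.0.0.40 files.example.net:21 USER backup",
    "2023-02-07T10:05:01Z 10.0.0.40 files.example.net:21 PASS correct-horse",
    "2023-02-07T10:07:00Z 10.0.0.55 203.0.113.7:21 PASS boygirl123456",
]


if __name__ == "__main__":
    for reason, src, line in scan_ftp_log(SAMPLE_LOG, iocs_from_config(AGENTTESLA_CONFIG)):
        print(f"{reason:14} {src:12} {line}")
```

Matching on the password as well as the host catches the case where the operator moves the server but keeps the account, and where a proxy log records an IP rather than the hostname; in a real deployment the password comparison belongs in a detection backend, not in a rule that ships the credential in clear text to every sensor.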
Targets
-
-
Target
4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1
-
Size
290KB
-
MD5
a9ab51dfa1a6f5ab8228567f8436c953
-
SHA1
126534775336fef803809a9cc76f7efa1b6f9124
-
SHA256
4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1
-
SHA512
9fc3f8c5734672d510c56ba8a47d5d0e096bb61e34e9b3e6220bfeb07cef598003e8e40ec861c239de85210a119be71b3bb908da6ee8485100f337bc020e1aac
-
SSDEEP
6144:alTB6K9zVcNWxbdC8Bmd6891RxdEnbs+tE:cTQ85xbIUe6KJEng+y
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET); it collects saved credentials and keystrokes and exfiltrates them over channels such as FTP, SMTP or HTTP, which is why the extracted configuration above consists of an FTP server and login.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-