General
-
Target
3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10
-
Size
1.0MB
-
Sample
230207-bemlvagg68
-
MD5
08639d5b37ad1a83df774a4853183191
-
SHA1
9e132f71f1c00e11ff35bde5bf1d94a075be1690
-
SHA256
3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10
-
SHA512
d6b59cadf34db7b4eee7be6328349362237f5f5d0648206b87d366a7bfa34b60eb2e12f8c771d1e8b9320f5dde9ab19cc33d10af5f671a43a33cef1a8f83ed4a
-
SSDEEP
12288:TmXwOIN2eF0Djb6yuh1UxCi2Z3nCCEMTagVwE48IQyMLTJwiqARR7qNM/OjjCV9d:J2z/Oy4sDMyojMQZJwiqwR4OOHC/m7u
Static task
static1
Behavioral task
behavioral1
Sample
3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.mgcpakistan.com
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
-
Target
3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-