General
Target: 4c8682b1c5fb75017cdcc14ebd946e2553dbd50bdbcc402ee15e0700d9774e59
Size: 623KB
Sample: 230207-bezamsgg74
MD5: cbcf4a372d624b07922ff281d203304b
SHA1: 2f888eb429648b17a15c9e614ffb3d4459921b57
SHA256: 4c8682b1c5fb75017cdcc14ebd946e2553dbd50bdbcc402ee15e0700d9774e59
SHA512: 0dcdcb543c19db9c12f220ac8fc13887015db22b8264cf6dc2fb4633b967b4eba900bf7f77d16cda78c5ca5d93febade9ba2ca38262b47d50499ded98eadbc0b
SSDEEP: 12288:DjGaOpk+txzRgl0J3VaaYQdkwfO0xaD3UBUujknb9GTkkkkkkkkkkkkkkkkkkkkd:ZOpH3i23VbYQdkwfO0xaD3UBUujknwAs
Static task: static1
Behavioral task: behavioral1
  Sample: 4c8682b1c5fb75017cdcc14ebd946e2553dbd50bdbcc402ee15e0700d9774e59.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 4c8682b1c5fb75017cdcc14ebd946e2553dbd50bdbcc402ee15e0700d9774e59.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.mgcpakistan.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target: 4c8682b1c5fb75017cdcc14ebd946e2553dbd50bdbcc402ee15e0700d9774e59
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext