General
-
Target
5e7ca13bd1e0f2efced55e363a628be64c3c95dddf8806a22fe40b43d9e6e894
-
Size
352KB
-
Sample
230207-cff15aha45
-
MD5
cb9df34ef7dd4c549de71974a2aa95ed
-
SHA1
7e1876251067b66b54e0fafa58dfff6466918344
-
SHA256
5e7ca13bd1e0f2efced55e363a628be64c3c95dddf8806a22fe40b43d9e6e894
-
SHA512
84214654fdadb07a846016b5c17d52695c4cbb0fbf38fe69854c8432f8d06d5ddb01c8f882193924cf7cf0494165b49830965a08e8fd82a5cfdb000d354e43a9
-
SSDEEP
6144:vYa6eC1bNf4mQE/EyCD93YeEyZmmOd6P4O1xtJQKx40gkhqO4vvc2uNA24HrdbKU:vYI0SmNP2ZmmOgQ8JZgky3TLdx
Static task
static1
Behavioral task
behavioral1
Sample
5e7ca13bd1e0f2efced55e363a628be64c3c95dddf8806a22fe40b43d9e6e894.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5e7ca13bd1e0f2efced55e363a628be64c3c95dddf8806a22fe40b43d9e6e894.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol
ftp
-
Host
ftp://ftp.mgcpakistan.com
-
Port
21
-
Username
[email protected]
-
Password
boygirl123456
Targets
-
-
Target
5e7ca13bd1e0f2efced55e363a628be64c3c95dddf8806a22fe40b43d9e6e894
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-