General
-
Target
6f1962f02a28d836a95e44947f589b0288b2af48204a04d9cf1cf3fb347a0c8a
-
Size
248KB
-
Sample
230207-cgd8xsha48
-
MD5
901735e1031bd7a7d34d047ea0ff186c
-
SHA1
1e0f3e506e492faa59b2e50c8f373d4548d58eaf
-
SHA256
6f1962f02a28d836a95e44947f589b0288b2af48204a04d9cf1cf3fb347a0c8a
-
SHA512
43f14ae1b7fc54891b86cd40636915a49c7a8b4bdcd00ee07ee1d38ab9547a1a07b30261479ebd818bc8b49b0b7d74d2a95c20195455e5bb462ec701845143f9
-
SSDEEP
6144:I7BOQlCywM3ykOCuqvHSBmjhilaE7/4Igo:I7qywM3yIVwmtilaEvg
Static task
static1
Behavioral task
behavioral1
Sample
6f1962f02a28d836a95e44947f589b0288b2af48204a04d9cf1cf3fb347a0c8a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
6f1962f02a28d836a95e44947f589b0288b2af48204a04d9cf1cf3fb347a0c8a.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.mgcpakistan.com/ - Port:
21 - Username:
[email protected] - Password:
boygirl123456
Targets
-
-
Target
6f1962f02a28d836a95e44947f589b0288b2af48204a04d9cf1cf3fb347a0c8a
-
Size
248KB
-
MD5
901735e1031bd7a7d34d047ea0ff186c
-
SHA1
1e0f3e506e492faa59b2e50c8f373d4548d58eaf
-
SHA256
6f1962f02a28d836a95e44947f589b0288b2af48204a04d9cf1cf3fb347a0c8a
-
SHA512
43f14ae1b7fc54891b86cd40636915a49c7a8b4bdcd00ee07ee1d38ab9547a1a07b30261479ebd818bc8b49b0b7d74d2a95c20195455e5bb462ec701845143f9
-
SSDEEP
6144:I7BOQlCywM3ykOCuqvHSBmjhilaE7/4Igo:I7qywM3yIVwmtilaEvg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-