General
-
Target
21e8e0ff64933e4a3527f1cbcd2ac4e18897c9dc34eb155ee4e425eeefd33e30
-
Size
528KB
-
Sample
230215-j5chkaaf2z
-
MD5
8dbcd399727ac2e154187387b7182a72
-
SHA1
8f1bef48ad81d8b04cac2d765e78073ccfe3af01
-
SHA256
45b7b124a50a35dda2128d0b2b7108cd09743ae218bf0972f1afa0bcbfe24258
-
SHA512
12d6148d9e61a919b76c6cf113e6e1b375f40d0c9ecee270112647ee039def145af511f26e08eee99f784ba7cb8db5ef5d7ca8c78df859ef21f73a3a49775571
-
SSDEEP
12288:fo1NmzWUjCtF8V4p+vtQ+UfJkZsvpJBwYNP/I5RDsPgqo6X:fUN6RSOp5ZZsjBQ5WPgqo6X
Static task
static1
Behavioral task
behavioral1
Sample
21e8e0ff64933e4a3527f1cbcd2ac4e18897c9dc34eb155ee4e425eeefd33e30.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
21e8e0ff64933e4a3527f1cbcd2ac4e18897c9dc34eb155ee4e425eeefd33e30.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.valvulasthermovalve.cl
Port: 21
Username: [email protected]
Password: LILKOOLL14!!
Targets
-
Target
21e8e0ff64933e4a3527f1cbcd2ac4e18897c9dc34eb155ee4e425eeefd33e30
-
Size
580KB
-
MD5
98ff92b99b1c9a9adcf26da229504f19
-
SHA1
7250a928c6806028101c0cc1d1fbc9fd095ffd73
-
SHA256
21e8e0ff64933e4a3527f1cbcd2ac4e18897c9dc34eb155ee4e425eeefd33e30
-
SHA512
c4b32d8121032ba3abcb7e72012a356ce6a80e0ac075a0afdc151072f6e31a6a43e0c1e053803fec10cf6683df1571569eaaf0c9185cb50818269fe4f762bdf3
-
SSDEEP
12288:+neB2gFraFjCtF8H4p+ftQ+QfDkZsv1JfwYNl/srRDtzSY:+nY22raFSm55ZZsXVErHz
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext