General
Target: 76a44f18a5404bc4b1c61fd1d9b7fad5.bin
Size: 795KB
Sample: 230328-b6579sgd22
MD5: 7e7add1b0a4de314e81dd25a3952a3ac
SHA1: 6512bd9acc575497093d7ea0e8562fb10ccaae52
SHA256: d7d99cf024ba20be93148d992f5b91ae233df649ca9e35c0be8f2e717d339e07
SHA512: 48125d4dc6ef6a19e35ba573286726380673ff29ff01823f51ef109afb257cd4ec245e538ac565ab249917051758338a5e6bcf51da474720580b087d1e712423
SSDEEP: 12288:zEdDDsAdsg4YIP4lVhFui+VQ9/EcljqHQivqFCHjQ6fU/nsQC9LQYhtMwX5vDNhJ:YfsL5i+VQ97lqHdvjjpfxLdtMoRhpb
Static task: static1
Behavioral task: behavioral1
  Sample: a03d6f7c3db409c3a07cedb14f9fa7e96b4368a39ee4c291c5eee6912e26b9e4.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: a03d6f7c3db409c3a07cedb14f9fa7e96b4368a39ee4c291c5eee6912e26b9e4.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.valvulasthermovalve.cl
  Port: 21
  Username: cva19491@valvulasthermovalve.cl
  Password: LILKOOLL14!!
Targets
Target: a03d6f7c3db409c3a07cedb14f9fa7e96b4368a39ee4c291c5eee6912e26b9e4.exe
Size: 972KB
MD5: 76a44f18a5404bc4b1c61fd1d9b7fad5
SHA1: 61b9d4b92c91512e51fcb737fd450d0083e04de5
SHA256: a03d6f7c3db409c3a07cedb14f9fa7e96b4368a39ee4c291c5eee6912e26b9e4
SHA512: 5f1643c2c6758241dfca665db36adf78a786705e50dde7c74b6e93c2a41f5d7cefcccf19a98d07ee059a8154db27542e329aafc9f64986040ab421588286832b
SSDEEP: 24576:VGR4ypyeFonQUi2tCVSWDtHq3Bhy+ryz2IZWh:VG68Ow0uHyBc+uaIZ6
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext