General
- Target: 85d29bf17d2b11754deb221731a9ea4c.exe
- Size: 791KB
- Sample: 230328-hzc2gabc8s
- MD5: 85d29bf17d2b11754deb221731a9ea4c
- SHA1: eb91d80b64db46e71784db25ff2380003d3a1b9c
- SHA256: 770a7455fc0ac683cf1ea5f64c528ea717871300c1ff20e29cf34276acd0528d
- SHA512: 4d4a53e359289b097e8aa7debd3dee172b6244690641571a6ea53ddf72b316ad0cd224c7946d952c95b63932b2b535a00bce7c4b2448c188fbe4da0cfd422a5f
- SSDEEP: 12288:ZAwKdJVZz5ddOa01PTqcy3jP3fBfzUnFBDxqF7ETu6jQRwcndJoTgfz8uf:OTVZ93O1qcyNAVK7ytby+gl
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 85d29bf17d2b11754deb221731a9ea4c.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: 85d29bf17d2b11754deb221731a9ea4c.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.valvulasthermovalve.cl
- Port: 21
- Username: cva19491@valvulasthermovalve.cl
- Password: LILKOOLL14!!
Targets
- Target: 85d29bf17d2b11754deb221731a9ea4c.exe
- Size: 791KB
- MD5: 85d29bf17d2b11754deb221731a9ea4c
- SHA1: eb91d80b64db46e71784db25ff2380003d3a1b9c
- SHA256: 770a7455fc0ac683cf1ea5f64c528ea717871300c1ff20e29cf34276acd0528d
- SHA512: 4d4a53e359289b097e8aa7debd3dee172b6244690641571a6ea53ddf72b316ad0cd224c7946d952c95b63932b2b535a00bce7c4b2448c188fbe4da0cfd422a5f
- SSDEEP: 12288:ZAwKdJVZz5ddOa01PTqcy3jP3fBfzUnFBDxqF7ETu6jQRwcndJoTgfz8uf:OTVZ93O1qcyNAVK7ytby+gl
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext