General
-
Target
DOOR-MET_23045112.IMG
-
Size
1.2MB
-
Sample
230403-jb8c5sdd63
-
MD5
769c9f1f9b4f23af5c7bc26565286b90
-
SHA1
6be5b7a4583d7fe6eb8b8eb36e38f2c0ff8d4fff
-
SHA256
001b3f8bef7bf2f4710c9355dcd6cbf537d6266f1cbc406ffc954a4485676e99
-
SHA512
ff57873f725698cb99f1c93b48865a4684c50bcb988b1653d11c9581d1eb3d30356efad043297ec2e710b19cd3670c35017e2cdf59f235224f3fa4c959148150
-
SSDEEP
12288:r6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:/ku/6gQMc6uqhrqW/N
Static task
static1
Behavioral task
behavioral1
Sample
DOOR_MET.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DOOR_MET.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.navetesilazi.ro
Port: 21
Username: FTPAdmin@navetesilazi.ro
Password: sq@s8jK.EAlTz{3EfP%b3kc4@gxAuDMO]-jKJ+CcP&U;d{f4thp)[y_^[!$Y
Targets
-
-
Target
DOOR_MET.EXE
-
Size
658KB
-
MD5
f4a6d37fefe83f89c2f6b1f253bb9c2c
-
SHA1
58ac04dfcc1f0bbf7c41181102f9371a67cda336
-
SHA256
788e583861d0022304a8013dcf66be0e312402d6154f5a7788f1d67518583c7e
-
SHA512
37f6a03d1356aa442ddc61c230549282fa5f5ce8d3aac4792e26cbbb51f75090b0ab8a0e9139304ee6b89530662cf2ee24033573b80f8b81a27fbcf6ee220e0f
-
SSDEEP
12288:q6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:Sku/6gQMc6uqhrqW/N
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-