General
-
Target
Technical Datasheet.exe
-
Size
622KB
-
Sample
230403-s7mkzshd5z
-
MD5
7ff90a232ed79406484bb4ed486b59dd
-
SHA1
9f1a07f1766769eb43c17eeaee6f5b3b0d40101d
-
SHA256
5d87d27a8034f66903bcfcbb0c4d325072ff13579b5b1e36aee0e25d9756cc1a
-
SHA512
de9f7e99af7e2e7184e1cdaf0dd30847092f0f30268b3422a9f0a6a2d9d10c31dd54a51de2da65ab1eda7620ea860c09c3d9b485ba974908afa2be9d77ce2b21
-
SSDEEP
12288:2VtzLwreFyRnPDDVgKGhYF7kPv+0WglDlUHZt4gfI4Jph8AaGWfJ+kDONxdb:nfdPnVgC1kPv+0nhlmZtjQ4JLJ/WKxd
Static task
static1
Behavioral task
behavioral1
Sample
Technical Datasheet.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Technical Datasheet.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.dutygroup.com.br
Port: 21
Username: [email protected]
Password: MelayeResults23@
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-