General
Target: 87c8443a664240d005a686eb2e10506f.bin
Size: 186KB
Sample: 230610-b4hzysef8x
MD5: 2e9c6c9255cc5be2177276c5741e8827
SHA1: 678a3bd1859c6a143eb76a11bb7126aaf84cd93b
SHA256: 6c3e01448f668b90fcda200458e4505ac2677e72201d2b7b7e5ee6202e2fe3d4
SHA512: 1a4e75d9e0d3351090b5a92361b740828eab57a10566f6df573eada7fcc35c86d54db2392bf871b9ae5ecf16015e59c902d53f234257789ca73465a07965fa73
SSDEEP: 3072:bbGdjbD7HLEQN9mtOI/40ZyYf2CoRukBsKfI1KCdW/g52YZv9EX29Vcn3t4nLKef:3Gd/D7gQN4QTRucsB0Xg52cv9LVoOn7f
Static task: static1
Behavioral task: behavioral1
  Sample: 8cf5cff3205cf674ee41d3f7b7fe10ff2aaaf578cbf0da49c9f8be27054f84e7.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 8cf5cff3205cf674ee41d3f7b7fe10ff2aaaf578cbf0da49c9f8be27054f84e7.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.ocp.mx
Port: 21
Username: useme@ocp.mx
Password: lasco4000
Targets
Target: 8cf5cff3205cf674ee41d3f7b7fe10ff2aaaf578cbf0da49c9f8be27054f84e7.exe
Size: 223KB
MD5: 87c8443a664240d005a686eb2e10506f
SHA1: 8e6b12aa9c0a245b9a025ed37161a7bd4a7c675b
SHA256: 8cf5cff3205cf674ee41d3f7b7fe10ff2aaaf578cbf0da49c9f8be27054f84e7
SHA512: 2f53f5cad7adc76c9ad5308598356b6dade3647a20897fb21f79c058eaffacb8beaa2749edad35a8e08248419c98d04b9190bc98619f7dc11901c4d1b5e2d33c
SSDEEP: 6144:OmpbEf1ei2XTQTMGoW0orTO1r0JTbav6+fSvj5:OdZ2XMTMQdvY0Tbav6+fS
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext