General
-
Target
927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500.exe
-
Size
701KB
-
Sample
231201-xcw86afb2w
-
MD5
026a36df02261bbaef89af87b33f7be0
-
SHA1
2bb47544134683f75cea0167ac6b59524df7cd50
-
SHA256
927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500
-
SHA512
563c1ab724cc13f26c51b6199e8bf02fba137f0d020198402aac685807511238b1bb27dee48b5fed8fbb4c7d4bfa36f757f404bf5ac0e17172405c1c2f67fa24
-
SSDEEP
12288:Stp1E6jD/6o8W4hFp7xbSrVymfn4FkDvzP4PpBppCZDOGt2xhxopox:Qp1tD/6osjNbQfn4uzgPDpQ5tyhxe
Static task
static1
Behavioral task
behavioral1
Sample
927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.dzine.com.tr - Port:
21 - Username:
dzinecom - Password:
Dzine21.
Extracted
Protocol: ftp- Host:
ftp.dzine.com.tr - Port:
21 - Username:
dzinecom - Password:
Dzine21.
Targets
-
-
Target
927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500.exe
-
Size
701KB
-
MD5
026a36df02261bbaef89af87b33f7be0
-
SHA1
2bb47544134683f75cea0167ac6b59524df7cd50
-
SHA256
927273f7e580438d982ad6a4d7d354f9ccc7ed54b549595a8083e32e81baa500
-
SHA512
563c1ab724cc13f26c51b6199e8bf02fba137f0d020198402aac685807511238b1bb27dee48b5fed8fbb4c7d4bfa36f757f404bf5ac0e17172405c1c2f67fa24
-
SSDEEP
12288:Stp1E6jD/6o8W4hFp7xbSrVymfn4FkDvzP4PpBppCZDOGt2xhxopox:Qp1tD/6osjNbQfn4uzgPDpQ5tyhxe
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-