General
-
Target
3f53b4aca8ad12e68d65ab23014616d1e7d7b3ba8799ec1425aa0cb87e11a9c5
-
Size
1.2MB
-
Sample
231202-b2f3kshc57
-
MD5
23317f92fc52801bae438ecc5a1dd176
-
SHA1
ff2f7cd15173452611975434e6b9a1e7ecf9d6f9
-
SHA256
3f53b4aca8ad12e68d65ab23014616d1e7d7b3ba8799ec1425aa0cb87e11a9c5
-
SHA512
e1302ca476a87785768a7a9519ff8e0f8d9721dfad90826ac5fd61d4510d39795c21627c97024ad45a7c79a07dc2a37e8ca900db08831b232c50dd394fa554ac
-
SSDEEP
24576:Ik70Trc+IIryvqs17nylAE9Znwm3eJh07fXVi6EX7+fstPIN2VN:IkQTA+5Wq0cAInwVujVP2IN2VN
Static task
static1
Behavioral task
behavioral1
Sample
3f53b4aca8ad12e68d65ab23014616d1e7d7b3ba8799ec1425aa0cb87e11a9c5.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
3f53b4aca8ad12e68d65ab23014616d1e7d7b3ba8799ec1425aa0cb87e11a9c5.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.siscop.com.co
Port: 21
Username: [email protected]
Password: +5s48Ia2&-(t
Targets
-
Target
3f53b4aca8ad12e68d65ab23014616d1e7d7b3ba8799ec1425aa0cb87e11a9c5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-