General
Target: d2c0138edbbfaaf091e204c9bde82a9292d7d28ca2889d8fb9ced3ef8aa9a4e5.exe
Size: 1.1MB
Sample: 231202-je7wsaae75
MD5: 5793a999d5a84a4f10801b2f00371533
SHA1: 7294141e589c196966264b01e307b90f402ece3e
SHA256: d2c0138edbbfaaf091e204c9bde82a9292d7d28ca2889d8fb9ced3ef8aa9a4e5
SHA512: 897386d61c4c0dad9072a097217bb4954d05d1cf734af3a5591e662566d6c0197b12a4d874138b052b6e52e6785955cb5bf8ecc0b7cc1898bfdcdaa858bfa472
SSDEEP: 24576:sPybZVhBwTMAwxg3U+yBeTsi5HBcz2EVs1387we4Fz:sPybQTMAw+EVBCHC2/+kjJ
Static task: static1
Behavioral task: behavioral1
Sample: d2c0138edbbfaaf091e204c9bde82a9292d7d28ca2889d8fb9ced3ef8aa9a4e5.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: d2c0138edbbfaaf091e204c9bde82a9292d7d28ca2889d8fb9ced3ef8aa9a4e5.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.siscop.com.co
Port: 21
Username: [email protected]
Password: +5s48Ia2&-(t
Targets
Target: d2c0138edbbfaaf091e204c9bde82a9292d7d28ca2889d8fb9ced3ef8aa9a4e5.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext