General
-
Target
1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3.exe
-
Size
680KB
-
Sample
231202-k8jlqabc35
-
MD5
967eb9fa0ce5f1ec2b6b132728fc6e07
-
SHA1
58d29f3b5463467cfd666b8b1b79bbec930f0d66
-
SHA256
1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3
-
SHA512
6960fe8f82db6c3e020be07fc6147361c8ba4966293c761255156bd6e32025d203290f3c39d535dde60078addd9cc99f461adc793605a28f996331cd6f829ad1
-
SSDEEP
12288:tCIEJjIu1KPsUDMy1+TiReOE1rUxsLINxW/9AFItaGeGQwmEBK:7EJHKPrWiRMV0Ne9A6sdGQwmEc
Static task
static1
Behavioral task
behavioral1
Sample
1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.dzine.com.tr - Port:
21 - Username:
dzinecom - Password:
Dzine21.
Extracted
Protocol: ftp- Host:
ftp.dzine.com.tr - Port:
21 - Username:
dzinecom - Password:
Dzine21.
Targets
-
-
Target
1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3.exe
-
Size
680KB
-
MD5
967eb9fa0ce5f1ec2b6b132728fc6e07
-
SHA1
58d29f3b5463467cfd666b8b1b79bbec930f0d66
-
SHA256
1c6dffa90d393fdcc2db9e1cf8af2c557129bb4afadb04d87969ad3edd10ffc3
-
SHA512
6960fe8f82db6c3e020be07fc6147361c8ba4966293c761255156bd6e32025d203290f3c39d535dde60078addd9cc99f461adc793605a28f996331cd6f829ad1
-
SSDEEP
12288:tCIEJjIu1KPsUDMy1+TiReOE1rUxsLINxW/9AFItaGeGQwmEBK:7EJHKPrWiRMV0Ne9A6sdGQwmEc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-