General
-
Target
36d948b545a839e073e4385095ccff42.exe
-
Size
682KB
-
Sample
231202-t9yxgaea6y
-
MD5
36d948b545a839e073e4385095ccff42
-
SHA1
5dc6d5e0d2eb725656dc180edecaa499b7be2348
-
SHA256
6ccdcfcad42b18c4ef436f7b0968ef7d74c974f653987806636f448497df80b2
-
SHA512
a0eae8b094d7d9d11b1d7ae92e2cdb53e3e54a1d262402e224515e506a972e728a94e3927a5479ef8d0a0364d741ad025145a77fd0c9b12a9ffcbd8f1ded7cd6
-
SSDEEP
12288:ECqeJxISt4La3wx8b89QQxlyT5vrC1sdvO54vDQ4ZK:EeJrtQay8b86Qi5vmad2u0v
Static task
static1
Behavioral task
behavioral1
Sample
36d948b545a839e073e4385095ccff42.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
36d948b545a839e073e4385095ccff42.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://valvulasthermovalve.cl - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Targets
-
-
Target
36d948b545a839e073e4385095ccff42.exe
-
Size
682KB
-
MD5
36d948b545a839e073e4385095ccff42
-
SHA1
5dc6d5e0d2eb725656dc180edecaa499b7be2348
-
SHA256
6ccdcfcad42b18c4ef436f7b0968ef7d74c974f653987806636f448497df80b2
-
SHA512
a0eae8b094d7d9d11b1d7ae92e2cdb53e3e54a1d262402e224515e506a972e728a94e3927a5479ef8d0a0364d741ad025145a77fd0c9b12a9ffcbd8f1ded7cd6
-
SSDEEP
12288:ECqeJxISt4La3wx8b89QQxlyT5vrC1sdvO54vDQ4ZK:EeJrtQay8b86Qi5vmad2u0v
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-