General
Target: cd0a6fd02c14f1f57c2f54a113deb268139ce77f67937379b97f9328dfbadf3c
Size: 181KB
Sample: 231204-bzpxpsgd8w
MD5: 7510501bcc35b519e0da9feddf837bea
SHA1: 2797c99800f9e209baef871b1478e2954bf6cfd1
SHA256: cd0a6fd02c14f1f57c2f54a113deb268139ce77f67937379b97f9328dfbadf3c
SHA512: 1643a4c94f18a6e9983a5c9d3bc5d631a3ec518108cc7eec2e709a4bfbb2e31ecd5d62217f6ba561e081fec001eed937703ffd08c31877cd3312ea46cb4be66e
SSDEEP: 3072:8MVblLpXEEhir/qElJcLsrGhMry5rDGNUQsJM51yA7BwOEHyP:TblLBEAS/qsJcLBhMrKDGaQsotGt
Static task: static1
Behavioral task: behavioral1
  Sample: cd0a6fd02c14f1f57c2f54a113deb268139ce77f67937379b97f9328dfbadf3c.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: cd0a6fd02c14f1f57c2f54a113deb268139ce77f67937379b97f9328dfbadf3c.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.siscop.com.co
Port: 21
Username: [email protected]
Password: +5s48Ia2&-(t
Targets
Target: cd0a6fd02c14f1f57c2f54a113deb268139ce77f67937379b97f9328dfbadf3c
Size: 181KB
MD5: 7510501bcc35b519e0da9feddf837bea
SHA1: 2797c99800f9e209baef871b1478e2954bf6cfd1
SHA256: cd0a6fd02c14f1f57c2f54a113deb268139ce77f67937379b97f9328dfbadf3c
SHA512: 1643a4c94f18a6e9983a5c9d3bc5d631a3ec518108cc7eec2e709a4bfbb2e31ecd5d62217f6ba561e081fec001eed937703ffd08c31877cd3312ea46cb4be66e
SSDEEP: 3072:8MVblLpXEEhir/qElJcLsrGhMry5rDGNUQsJM51yA7BwOEHyP:TblLBEAS/qsJcLBhMrKDGaQsotGt
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext