General
- Target: bf749c87470bbd88818b2998e606b4d36aeb2f701cd8f1f5577ffd922af66ba4
- Size: 655KB
- Sample: 231205-t9gcescd8z
- MD5: f11ed191214d6fb26bdd687b7847c1a1
- SHA1: 8e44fb94453b349d09189d011742f89e92d802f6
- SHA256: bf749c87470bbd88818b2998e606b4d36aeb2f701cd8f1f5577ffd922af66ba4
- SHA512: df2e8bd1b24f0487b39f62e32de3ae3acec6899f51f3606202b413c0b72150216aa41f4536f90222ad6fadc33852eea8e5a553937310f8d650f4ba566c41d934
- SSDEEP: 12288:Rc45+po2gO7RxwIFloBuBgMdACo3S6LtX2OIyqiMAxyX:Rf+pJg8RFluYgbCoiXbyqAxyX
Static task
- static1

Behavioral task
- behavioral1
- Sample: bf749c87470bbd88818b2998e606b4d36aeb2f701cd8f1f5577ffd922af66ba4.exe
- Resource: win7-20231025-en

Behavioral task
- behavioral2
- Sample: bf749c87470bbd88818b2998e606b4d36aeb2f701cd8f1f5577ffd922af66ba4.exe
- Resource: win10v2004-20231130-en
Malware Config

Extracted
- Protocol: ftp
- Host: 94.156.71.128
- Port: 21
- Username: sysuser
- Password: bXcj980_6__!!##8290

Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://94.156.71.128
- Port: 21
- Username: sysuser
- Password: bXcj980_6__!!##8290
Targets
- Target: bf749c87470bbd88818b2998e606b4d36aeb2f701cd8f1f5577ffd922af66ba4
- Size: 655KB
- MD5: f11ed191214d6fb26bdd687b7847c1a1
- SHA1: 8e44fb94453b349d09189d011742f89e92d802f6
- SHA256: bf749c87470bbd88818b2998e606b4d36aeb2f701cd8f1f5577ffd922af66ba4
- SHA512: df2e8bd1b24f0487b39f62e32de3ae3acec6899f51f3606202b413c0b72150216aa41f4536f90222ad6fadc33852eea8e5a553937310f8d650f4ba566c41d934
- SSDEEP: 12288:Rc45+po2gO7RxwIFloBuBgMdACo3S6LtX2OIyqiMAxyX:Rf+pJg8RFluYgbCoiXbyqAxyX
- Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.