General
-
Target
4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbeexe.exe
-
Size
695KB
-
Sample
231205-wyr1wsdh6z
-
MD5
9caffcd254391a3282cb59565c19fe06
-
SHA1
c87bf6c1988179062fa05833fa807b3056374c1d
-
SHA256
4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbe
-
SHA512
fcdd16c0d77aad853c58266a65c746ab095febc6154b9f07f21bf2c9dc4cb49aa674f535537eb719874ea9dc565b442327a606a4b32e0a9aa23cad75ff2c184d
-
SSDEEP
12288:IVi20xAn87LdAIHBmw4YmiqNKLMWozBY3DQl4:Z2gh9HBR7LMXBY3DL
Static task
static1
Behavioral task
behavioral1
Sample
4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbeexe.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbeexe.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: ftp- Host:
thedress.pk - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Extracted
agenttesla
Protocol: ftp- Host:
ftp://thedress.pk - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Targets
-
-
Target
4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbeexe.exe
-
Size
695KB
-
MD5
9caffcd254391a3282cb59565c19fe06
-
SHA1
c87bf6c1988179062fa05833fa807b3056374c1d
-
SHA256
4afa99f3b34877cefef636c3a1f4a4360c06df2c31352a9852f30631f20e5bbe
-
SHA512
fcdd16c0d77aad853c58266a65c746ab095febc6154b9f07f21bf2c9dc4cb49aa674f535537eb719874ea9dc565b442327a606a4b32e0a9aa23cad75ff2c184d
-
SSDEEP
12288:IVi20xAn87LdAIHBmw4YmiqNKLMWozBY3DQl4:Z2gh9HBR7LMXBY3DL
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-