General
-
Target
SecuriteInfo.com.Trojan.Inject4.59820.17588.19765.exe
-
Size
637KB
-
Sample
231206-j8er4ach97
-
MD5
933592f2806b5fdabe40cc79fade07f9
-
SHA1
cb91a1e10faefe1144c5cb82af2d2d0108347208
-
SHA256
d71c1598f04d52b66983f6e7341b1f940e4732a6acd57bf021f9f00f85235d42
-
SHA512
9b415817f8cf0e2bce9703e8981b7bc21ecb4427a61381e519aeee2a7cc150b041f032539d3f4453b5c1d694ce292df4cd19e285bf1842e846d64fadf13eeb80
-
SSDEEP
12288:6iuQaueH5qIUWjTyO1n9ftWcRLfux21u+O5apj8CxZMqbcldtk/ekft/Ng:6iyqIXysn911Lo2bpFxZ/bitk/F
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Inject4.59820.17588.19765.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Inject4.59820.17588.19765.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.akguneselektrik.com - Port:
21 - Username:
akgunes - Password:
9H5xQVGg
Targets
-
-
Target
SecuriteInfo.com.Trojan.Inject4.59820.17588.19765.exe
-
Size
637KB
-
MD5
933592f2806b5fdabe40cc79fade07f9
-
SHA1
cb91a1e10faefe1144c5cb82af2d2d0108347208
-
SHA256
d71c1598f04d52b66983f6e7341b1f940e4732a6acd57bf021f9f00f85235d42
-
SHA512
9b415817f8cf0e2bce9703e8981b7bc21ecb4427a61381e519aeee2a7cc150b041f032539d3f4453b5c1d694ce292df4cd19e285bf1842e846d64fadf13eeb80
-
SSDEEP
12288:6iuQaueH5qIUWjTyO1n9ftWcRLfux21u+O5apj8CxZMqbcldtk/ekft/Ng:6iyqIXysn911Lo2bpFxZ/bitk/F
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-