General
- Target: 680004deb5259f23ea4e2ad1c34a57bb6f12ee64391f0e7ffde1b2b56453a023
- Size: 722KB
- Sample: 231207-bdymqagddl
- MD5: 55506ae02311eedd9858ec8997238c53
- SHA1: 44d9cb2e85d368d17a2944f467cd28350e19fcaf
- SHA256: 680004deb5259f23ea4e2ad1c34a57bb6f12ee64391f0e7ffde1b2b56453a023
- SHA512: bbe30faa0df82d575006bcff27d97e03b6600c289b30ed13da5c2d09971f147abd0d346a1c9f2177637a1beae55cee7ef835654213b52b50c8a595dd153a8884
- SSDEEP: 12288:V2heGTE8ttyf2a1PkQteQ8oYBbR2yc8qP8sV7z60KMD8cn/X5Sv6lw4ktAfXbyge:Vc1T3tqDxejFc8qksV7WW//IylwjtAf2
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 680004deb5259f23ea4e2ad1c34a57bb6f12ee64391f0e7ffde1b2b56453a023.exe
  - Resource: win7-20231129-en

Behavioral task
- behavioral2
  - Sample: 680004deb5259f23ea4e2ad1c34a57bb6f12ee64391f0e7ffde1b2b56453a023.exe
  - Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.elquijotebanquetes.com
- Port: 21
- Username: [email protected]
- Password: q.15SE~j1@};
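As an added example that is not part of the sandbox report, the Python below turns the extracted FTP config into a network indicator and runs it over constructed Zeek-style dns.log and conn.log rows. The log rows, their IP addresses (RFC 5737 documentation ranges, not real resolutions of the host), and the reduced Zeek column subset are assumptions made for the example; the username, which the page shows redacted, is not needed for network matching and is left out.

```python
"""Network indicator from the AgentTesla FTP config above, checked against
constructed Zeek-style dns.log and conn.log lines.

Added example; not part of the sandbox report. All log lines and IPs below
are constructed for illustration."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Values copied from the Malware Config section of the report. The username
# is shown redacted on the page and is not needed for network detection.
EXTRACTED_CONFIG = {
    "protocol": "ftp",
    "host": "ftp://ftp.elquijotebanquetes.com",
    "port": 21,
}


@dataclass(frozen=True)
class Indicator:
    host: str
    port: int
    protocol: str


def indicator_from_config(cfg: dict) -> Indicator:
    """Normalise the extractor output: strip the scheme the extractor left on
    the host field and lower-case the name so log matching is exact."""
    raw = cfg["host"]
    host = urlparse(raw).hostname if "://" in raw else raw
    return Indicator(host=host.lower(), port=int(cfg["port"]),
                     protocol=cfg["protocol"].lower())


# Constructed dns.log subset (tab-separated): ts, id.orig_h, query, answers
SAMPLE_DNS_LOG = """\
1701912000.10\t10.0.0.5\tupdate.example.net\t192.0.2.50
1701912003.42\t10.0.0.7\tftp.elquijotebanquetes.com\t203.0.113.10,203.0.113.11
1701912010.00\t10.0.0.9\tmail.example.org\t198.51.100.20
"""

# Constructed conn.log subset (tab-separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1701912004.01\tCx1\t10.0.0.7\t49712\t203.0.113.11\t21\ttcp
1701912004.90\tCx2\t10.0.0.7\t49713\t203.0.113.11\t54013\ttcp
1701912011.00\tCx3\t10.0.0.9\t49714\t198.51.100.20\t993\ttcp
1701912020.00\tCx4\t10.0.0.5\t49715\t203.0.113.10\t443\ttcp
"""


def parse_dns_log(text: str) -> dict:
    """Map each queried name to the set of IPs it resolved to."""
    resolved = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _ts, _orig, query, answers = line.split("\t")
        resolved.setdefault(query.lower(), set()).update(
            a for a in answers.split(",") if a and a != "-")
    return resolved


def find_exfil_connections(ind: Indicator, dns_text: str, conn_text: str) -> list:
    """Pivot from the C2 hostname to the IPs it resolved to in dns.log, then
    flag conn.log rows to those IPs. Rows on the configured port are the FTP
    control channel ("control"); other ports to the same IPs are kept as
    "related", because passive-mode FTP moves the data channel to an
    ephemeral port that a port-21-only rule would miss."""
    c2_ips = parse_dns_log(dns_text).get(ind.host, set())
    hits = []
    for line in conn_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = line.split("\t")
        if resp_h not in c2_ips or proto != "tcp":
            continue
        confidence = "control" if int(resp_p) == ind.port else "related"
        hits.append({"ts": ts, "uid": uid, "src": orig_h, "dst": resp_h,
                     "dport": int(resp_p), "confidence": confidence})
    return hits


if __name__ == "__main__":
    ind = indicator_from_config(EXTRACTED_CONFIG)
    for hit in find_exfil_connections(ind, SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print(f"{hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"(uid {hit['uid']}, {hit['confidence']}) matches {ind.host}")
```

Matching on the resolved IPs rather than on the name alone matters because conn.log carries no hostname; the "related" tier exists so that the passive-mode data connection (Cx2 above) is not dropped by a rule that only looks at port 21, at the cost of also surfacing unrelated traffic to shared hosting IPs, which is why it is reported at lower confidence rather than suppressed.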
Targets
- Target: 680004deb5259f23ea4e2ad1c34a57bb6f12ee64391f0e7ffde1b2b56453a023
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic (VB.NET); this sample's extracted config exfiltrates over FTP.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (stored mail credentials are a standard target of this family)
- Suspicious use of NtCreateThreadExHideFromDebugger (thread created with the hide-from-debugger flag, an anti-debugging measure)
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger detaches the calling thread from an attached debugger)
- Suspicious use of SetThreadContext (rewriting another thread's context is a typical step in process hollowing and other code injection)