General
-
Target
1a321cfb8647c14d3ff24d20572ea1165e3e07251751ac485d8d2fbb3ac111ef
-
Size
997KB
-
Sample
231207-ca1hksgffm
-
MD5
e0bf5c50fdec6e23721798acf56c7e8f
-
SHA1
0976d0d91a0ad285a027f526cd6451a5db7943c1
-
SHA256
1a321cfb8647c14d3ff24d20572ea1165e3e07251751ac485d8d2fbb3ac111ef
-
SHA512
bee98559adab3c2932b65658fed0ebe11690198c7192c17281df127ce07cddff0542c04e393eb3546059f8ecc7c8fd19261bb2fcdf24c526938609e886f6cca6
-
SSDEEP
24576:7xizBcjENqXUFGEq3ezspBR0TJqwfFH4nLxwpdxAix29C:OBcuvPnCjQqwNHExw7G99C
Static task
static1
Behavioral task
behavioral1
Sample
1a321cfb8647c14d3ff24d20572ea1165e3e07251751ac485d8d2fbb3ac111ef.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
1a321cfb8647c14d3ff24d20572ea1165e3e07251751ac485d8d2fbb3ac111ef.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.siscop.com.co - Port:
21 - Username:
[email protected] - Password:
+5s48Ia2&-(t
Targets
-
-
Target
1a321cfb8647c14d3ff24d20572ea1165e3e07251751ac485d8d2fbb3ac111ef
-
Size
997KB
-
MD5
e0bf5c50fdec6e23721798acf56c7e8f
-
SHA1
0976d0d91a0ad285a027f526cd6451a5db7943c1
-
SHA256
1a321cfb8647c14d3ff24d20572ea1165e3e07251751ac485d8d2fbb3ac111ef
-
SHA512
bee98559adab3c2932b65658fed0ebe11690198c7192c17281df127ce07cddff0542c04e393eb3546059f8ecc7c8fd19261bb2fcdf24c526938609e886f6cca6
-
SSDEEP
24576:7xizBcjENqXUFGEq3ezspBR0TJqwfFH4nLxwpdxAix29C:OBcuvPnCjQqwNHExw7G99C
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-