General

Target: tmp
Size: 858KB
Sample: 231207-x4433seg38
MD5: d7ccd654ae1d4930c48652bc82d37120
SHA1: 2897d0512d2007620dcb6bf050efa33112093133
SHA256: 892d500a68b8bea757537fe603d7c217488f8526ec28f6dd52d85528ef9a1eb2
SHA512: 3fbf2a515053c9fbf7914166ec19f0c9cc3b269b3c1e59c3b28c751d0690ee22ddcd01dd09b0b7870072bf3260688dca8180da6ba26a7100d5fdffe4d5baef03
SSDEEP: 24576:1WNiEnfcWhwAQBWuqPL5olwjtAfXbgypF:6JThtQA/j5oyjtA/9pF
Static task: static1
Behavioral task: behavioral1 (sample tmp.exe, resource win7-20231023-en)
Behavioral task: behavioral2 (sample tmp.exe, resource win10v2004-20231130-en)
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.siscop.com.co
Port: 21
Username: [email protected]
Password: +5s48Ia2&-(t
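As an added example (not part of the Triage report), the following Python matches FTP session logs against the exfiltration channel extracted above. The log layout (a tab-separated, Zeek ftp.log-like record) and the sample lines are constructed; the host and port are the extracted values. Because the page redacts the username ([email protected]), the account is matched on its domain, which is an assumption.

```python
"""Match FTP session logs against the Agent Tesla exfiltration channel
extracted by the sandbox.  Added example, not part of the Triage report.
The log format and sample lines are constructed; host and port come from
the extracted configuration; the account domain is an assumption because
the report redacts the username."""
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the extracted agenttesla configuration.
C2_HOST = "ftp.siscop.com.co"
C2_PORT = 21
C2_USER_DOMAIN = "siscop.com.co"  # assumption: the FTP account lives on the C2 domain

# Constructed sample log: ts, orig_ip, resp_host, resp_port, user, command, arg.
SAMPLE_LOG = """\
1701950001.12\t10.0.0.15\tftp.example.org\t21\tanonymous\tRETR\tREADME.txt
1701950022.70\t10.0.0.23\tftp.siscop.com.co\t21\tdrop@siscop.com.co\tSTOR\tcreds.html
1701950023.01\t10.0.0.23\tftp.siscop.com.co\t21\tdrop@siscop.com.co\tSTOR\tkeylog.html
1701950100.00\t10.0.0.42\tfiles.corp.local\t21\tbackup\tSTOR\tnightly.tar
this line is malformed and must be skipped
"""


@dataclass
class Hit:
    ts: str
    src: str
    user: str
    command: str
    arg: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into fields; returns None for malformed lines."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 7 or not parts[3].isdigit():
        return None
    ts, src, host, port, user, cmd, arg = parts
    return {"ts": ts, "src": src, "host": host.lower(), "port": int(port),
            "user": user.lower(), "cmd": cmd.upper(), "arg": arg}


def match_c2(rec: dict) -> List[str]:
    """Return the reasons a record matches the extracted C2, empty if none."""
    reasons = []
    if rec["host"] == C2_HOST and rec["port"] == C2_PORT:
        reasons.append("session to extracted C2 host/port")
    if rec["user"].endswith("@" + C2_USER_DOMAIN):
        reasons.append("login with account on C2 domain")
    # An upload is the actual exfiltration; only flag it when the session
    # already matched on host or account, so ordinary STORs stay quiet.
    if reasons and rec["cmd"] == "STOR":
        reasons.append("STOR upload (exfiltration)")
    return reasons


def scan(log_text: str) -> List[Hit]:
    """Run every line through the matcher and collect hits in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = match_c2(rec)
        if reasons:
            hits.append(Hit(rec["ts"], rec["src"], rec["user"], rec["cmd"],
                            rec["arg"], "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.ts} {h.src} {h.user} {h.command} {h.arg} -> {h.reason}")
```

Matching on host and port alone is enough to catch the channel in this sample; the account-domain rule is there so a re-pointed host with the same credentials still fires, and the STOR condition separates an upload (the actual leak) from a mere connection.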
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in .NET; the FTP credentials in the extracted configuration are its exfiltration channel.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread created with the hide-from-debugger flag, an anti-debugging technique that keeps the thread from raising debug events.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread called with ThreadHideFromDebugger, the same effect applied to an existing thread; an attached debugger stops receiving events from it.
- Suspicious use of SetThreadContext: rewriting another thread's register context, as done in process hollowing and other injection techniques to redirect execution to injected code.