General
-
Target
b31c4835e17587d6b1f5f170da84abb8130519be8ea3fc5da07d47f548ffa18b
-
Size
1.2MB
-
Sample
231209-bj4e6adhak
-
MD5
99471b98351a369f4b5114cdf32223fc
-
SHA1
64fb6a3a48d6bcfb6f7e65b9686893a28e5b62b7
-
SHA256
b31c4835e17587d6b1f5f170da84abb8130519be8ea3fc5da07d47f548ffa18b
-
SHA512
f33ea337191211a8bf9636389d2f45312e016eb833722ae9610bd1660bac70da2bb54e6381dd20a1c99cc897f7f404923305efd4b173e75881529c88326d4996
-
SSDEEP
12288:twFGHEOFmZPT0TRoi+kXjhk5na5hylgimtdYM3O0V7bbn:t5HEOOPOaMd4na2lgZtub0V7
Static task
static1
Behavioral task
behavioral1
Sample
Sutarčių analizė-pdf.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
Sutarčių analizė-pdf.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.vvspijkenisse.nl
Port: 21
Username: [email protected]
Password: playingboyz231
Targets
-
Target
Sutarčių analizė-pdf.exe
-
Size
711KB
-
MD5
102714cb47ab0624d79ed174a8231ad6
-
SHA1
8991d7808c89d2c6209322b20ea4a8b75f78fb44
-
SHA256
0da1ad1d456b5b7a028efcbfd9c3ee45af7c6830c87c1e7469faa089dbb0fe7e
-
SHA512
7467ec91c266be688bf97f92a72068bf3271b1c58bf7ded76fce89fa93a8c06d631727b68c4938df57dbab3f0a07a0f6820f3587e87155a77e9d424e288b9bf2
-
SSDEEP
12288:twFGHEOFmZPT0TRoi+kXjhk5na5hylgimtdYM3O0V7bbnL:t5HEOOPOaMd4na2lgZtub0V7z
Score 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET; this sample's extracted configuration exfiltrates over FTP to the host listed above.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger (thread created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events for it: anti-analysis)
-
Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger detaches the calling thread from an attached debugger: anti-analysis)
-
Suspicious use of SetThreadContext (rewriting another thread's register context, as used in process hollowing and injection)
-