General
-
Target
84e89e218dd82b2242aef5d3edc0032a82b3c63dd05d15de17634bf1a631bd07
-
Size
340KB
-
Sample
231209-cgpdwsffd8
-
MD5
c9dceefdbb1e81aabccc374cd4d4569f
-
SHA1
d14d0e12040b4f164929426fa1b9c4b57bcd41e4
-
SHA256
84e89e218dd82b2242aef5d3edc0032a82b3c63dd05d15de17634bf1a631bd07
-
SHA512
adf87ae5821dc2c39460da738088fc9d6120b4abc38d2450a98b50d09e281bbf94bb35dba3d640a773baa865180a223101eee96493a48f92d415948af25e4090
-
SSDEEP
6144:6EQZOh0wgD+O49Nngop6vHkmojybuuFlDUTNolzLukY++gqj6y48q887:6pZODO4LIsYbF0NKzLuF+Y6yjqF
Static task
static1
Behavioral task
behavioral1
Sample
84e89e218dd82b2242aef5d3edc0032a82b3c63dd05d15de17634bf1a631bd07.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
84e89e218dd82b2242aef5d3edc0032a82b3c63dd05d15de17634bf1a631bd07.exe
Resource
win10v2004-20231201-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.atelierzolotas.gr - Port:
21 - Username:
[email protected] - Password:
alibaba.com
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.atelierzolotas.gr - Port:
21 - Username:
[email protected] - Password:
alibaba.com
Targets
-
-
Target
84e89e218dd82b2242aef5d3edc0032a82b3c63dd05d15de17634bf1a631bd07
-
Size
340KB
-
MD5
c9dceefdbb1e81aabccc374cd4d4569f
-
SHA1
d14d0e12040b4f164929426fa1b9c4b57bcd41e4
-
SHA256
84e89e218dd82b2242aef5d3edc0032a82b3c63dd05d15de17634bf1a631bd07
-
SHA512
adf87ae5821dc2c39460da738088fc9d6120b4abc38d2450a98b50d09e281bbf94bb35dba3d640a773baa865180a223101eee96493a48f92d415948af25e4090
-
SSDEEP
6144:6EQZOh0wgD+O49Nngop6vHkmojybuuFlDUTNolzLukY++gqj6y48q887:6pZODO4LIsYbF0NKzLuF+Y6yjqF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-