General
-
Target
6e2dc37a846ac09fec63b0da80546e4a84a0e761472070cb7210240f82e51a7d
-
Size
666KB
-
Sample
231213-b97khaedem
-
MD5
094a7e077270ca04b6ecb21977712c8c
-
SHA1
7c3f308d6ea455f4665a51040aa2b267fdc1f2e5
-
SHA256
6e2dc37a846ac09fec63b0da80546e4a84a0e761472070cb7210240f82e51a7d
-
SHA512
5ff326fc0c74c2abd962bbdbf7294886376a0aa546bd09c434843444331cb9e627ce8d93ef4d6861bc87ed2b56632d75262bb9f9edd29967924d21d5961f0a9e
-
SSDEEP
12288:eSGJ+4WpAELy7Srb6eXxX+oX4DahczfnkjlGtlmOTkz4g4u3psNE+:tpAEoeXxppyznkjlKmOT4Ns
Static task
static1
Behavioral task
behavioral1
Sample
6e2dc37a846ac09fec63b0da80546e4a84a0e761472070cb7210240f82e51a7d.exe
Resource
win7-20231023-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://thedress.pk
Port: 21
Username: [email protected]
Password: LILKOOLL14!!
Extracted
Protocol: ftp
Host: thedress.pk
Port: 21
Username: [email protected]
Password: LILKOOLL14!!
Targets
-
-
Target
6e2dc37a846ac09fec63b0da80546e4a84a0e761472070cb7210240f82e51a7d
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), typically compiled from Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted from this sample uses plaintext FTP to thedress.pk on port 21.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Writing another thread's register context is the usual final step of process hollowing: the loader starts a process suspended, replaces its image with the payload, points the main thread's instruction pointer at the new entry with SetThreadContext, then resumes it.
-
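The extracted configuration and the two network-facing signatures above (FTP exfiltration to thedress.pk:21, external IP lookup) translate directly into detection logic. The following is an added example, not part of the sandbox report or of any Agent Tesla tooling: it canonicalises the host (the report gives it both as ftp://thedress.pk and as the bare thedress.pk), then runs over constructed network event lines and tags connections to the configured FTP server, plaintext FTP PASS commands carrying the extracted password, and contact with well-known IP lookup services. The event format, the process name sample.exe and the list of lookup hosts are assumptions; the username as rendered on the page is a redaction placeholder and is not used.

```python
import re
from urllib.parse import urlparse

# Values taken from the report's extracted Agent Tesla configuration.
C2_HOST_RAW = "ftp://thedress.pk"   # the second extracted block gives the bare "thedress.pk"
C2_PORT = 21
C2_PASSWORD = "LILKOOLL14!!"

# Assumed list of well-known external-IP lookup services; the report does not
# name which one this sample contacted.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com", "ipinfo.io",
}


def canonical_host(value):
    """Normalise a host given either as a bare name or as a URL.

    Sandbox extractors report the same field both ways ('ftp://thedress.pk'
    and 'thedress.pk'); both must resolve to the same indicator.
    """
    value = value.strip()
    if "://" in value:
        host = urlparse(value).hostname
        if host is None:
            raise ValueError("cannot parse host from %r" % value)
        return host.lower()
    return value.lower().rstrip("/").split(":")[0]


C2_HOST = canonical_host(C2_HOST_RAW)

# Assumed event format (constructed for this example, not a real sensor schema):
#   proc=<image> dst=<host>:<port> [ftp=<FTP control-channel command>]
EVENT_RE = re.compile(
    r"proc=(?P<proc>\S+)\s+dst=(?P<host>[^:\s]+):(?P<port>\d+)(?:\s+ftp=(?P<ftp>.+))?$"
)


def classify_event(line):
    """Return the detection tags that fire for one event line (empty if none)."""
    m = EVENT_RE.search(line)
    if not m:
        return []
    tags = []
    host = canonical_host(m.group("host"))
    port = int(m.group("port"))
    ftp = m.group("ftp")

    if host == C2_HOST and port == C2_PORT:
        tags.append("agenttesla_ftp_c2")
        # Plaintext FTP: the PASS command carries the password in the clear,
        # so the extracted credential itself is a usable network indicator.
        if ftp and ftp.upper().startswith("PASS ") and ftp[5:].strip() == C2_PASSWORD:
            tags.append("agenttesla_ftp_credential_match")
    if host in IP_LOOKUP_HOSTS:
        tags.append("external_ip_lookup")
    return tags


def scan(lines):
    """Map line index -> fired tags; lines with no hits are omitted."""
    hits = {}
    for i, line in enumerate(lines):
        tags = classify_event(line)
        if tags:
            hits[i] = tags
    return hits


# Constructed events mimicking the behaviour the report describes.
SAMPLE_EVENTS = [
    "proc=sample.exe dst=api.ipify.org:443",
    "proc=sample.exe dst=thedress.pk:21 ftp=USER ftpuser",
    "proc=sample.exe dst=thedress.pk:21 ftp=PASS LILKOOLL14!!",
    "proc=explorer.exe dst=www.microsoft.com:443",
    "proc=sample.exe dst=thedress.pk:21 ftp=STOR PW_host.html",
]

if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx], "->", ", ".join(tags))
```

The host:port match is the durable indicator; the password match only works because the sample's exfiltration channel is unencrypted FTP, and the IP lookup tag on its own is weak and should be correlated with the C2 hit from the same process.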