General
-
Target
fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
-
Size
66KB
-
Sample
240224-bj6khsec9x
-
MD5
6acd8bd21ffe473520fe45648b23862b
-
SHA1
3cb79f909f5e3d9b1f0206e5c7df25ab5d5dab0e
-
SHA256
fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
-
SHA512
9d60acdfcd5ca23a10614786f8b6931511e1ecc3413110a7abec26d8737df14d900f9c2dd1eab3ffb11803895f0dca22817b577cc0b29462126f06d412a636a1
-
SSDEEP
1536:NKCaw9aiSE6jpewSFiqg4VSLMnhPUp3cH9M:JzASiwVSLMnhMps6
Static task
static1
Behavioral task
behavioral1
Sample
fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0.rtf
Resource
win10v2004-20240221-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
4r@d15PS!-!h
Targets
-
-
Target
fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
-
Size
66KB
-
MD5
6acd8bd21ffe473520fe45648b23862b
-
SHA1
3cb79f909f5e3d9b1f0206e5c7df25ab5d5dab0e
-
SHA256
fc9358b07f539d49b035be443bbce78091d30bc4012a220886cc8156be7854f0
-
SHA512
9d60acdfcd5ca23a10614786f8b6931511e1ecc3413110a7abec26d8737df14d900f9c2dd1eab3ffb11803895f0dca22817b577cc0b29462126f06d412a636a1
-
SSDEEP
1536:NKCaw9aiSE6jpewSFiqg4VSLMnhPUp3cH9M:JzASiwVSLMnhMps6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-