General
-
Target
81aa2523235889eb7270199da041904cc43ba97b5379c9950836cc649c5eaffa
-
Size
13KB
-
Sample
240313-bg25baab62
-
MD5
4d8a692d4aa50018074db9fece92a015
-
SHA1
a19420be066cdd94eec53fae07189e4462588cc8
-
SHA256
81aa2523235889eb7270199da041904cc43ba97b5379c9950836cc649c5eaffa
-
SHA512
16e6cc10e53e31e32e4483f9b3e052470a56ef7bb58c213839e4c3bb81eb461a42840b8c15fe218a11dd00c75573b206a1a10cdc4d7fda6044df8fe6c5129e87
-
SSDEEP
384:d9qx3rVqkUJyjBVqcZGd+m8oG7ya33FhsH+ueRS1VpPgRXVNnb8551g/e:eVpMsBVTGgXoG2a33FhDh8VGlY551/
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
r%hXHJqgc~3L
Targets
-
-
Target
81aa2523235889eb7270199da041904cc43ba97b5379c9950836cc649c5eaffa
-
Size
13KB
-
MD5
4d8a692d4aa50018074db9fece92a015
-
SHA1
a19420be066cdd94eec53fae07189e4462588cc8
-
SHA256
81aa2523235889eb7270199da041904cc43ba97b5379c9950836cc649c5eaffa
-
SHA512
16e6cc10e53e31e32e4483f9b3e052470a56ef7bb58c213839e4c3bb81eb461a42840b8c15fe218a11dd00c75573b206a1a10cdc4d7fda6044df8fe6c5129e87
-
SSDEEP
384:d9qx3rVqkUJyjBVqcZGd+m8oG7ya33FhsH+ueRS1VpPgRXVNnb8551g/e:eVpMsBVTGgXoG2a33FhDh8VGlY551/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-