General
-
Target
a0d433f95e1973bf820c820303472a75b233aadf40fe2b60262ac454205c8151
-
Size
13KB
-
Sample
240320-cqs4fafa61
-
MD5
93b0dcc4fdb8e4b378ac79f4763d8a05
-
SHA1
1cfb476240b74e663463d52efcd713151190b5e2
-
SHA256
a0d433f95e1973bf820c820303472a75b233aadf40fe2b60262ac454205c8151
-
SHA512
381c6aa0a25929f9ccbdd892e87b8b78eb9e1209080e1450789bd11dcb4ed0e57ebbea5a04ccf39bbdc27f0264711d1bfc5353328fac5ac2becad2c121b8e2be
-
SSDEEP
384:UyXrvYhVorRTtKbL+Lm+YrfXixVvd+mUMWJvHi6uHZzQkWYo+v2tzPxYzcsR0Zm8:6VkubCtYrfcVvgCWJvPP9Y32kuig
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.folder.ro - Port:
21 - Username:
[email protected] - Password:
xgkFQ6fqqo}J
Targets
-
-
Target
a0d433f95e1973bf820c820303472a75b233aadf40fe2b60262ac454205c8151
-
Size
13KB
-
MD5
93b0dcc4fdb8e4b378ac79f4763d8a05
-
SHA1
1cfb476240b74e663463d52efcd713151190b5e2
-
SHA256
a0d433f95e1973bf820c820303472a75b233aadf40fe2b60262ac454205c8151
-
SHA512
381c6aa0a25929f9ccbdd892e87b8b78eb9e1209080e1450789bd11dcb4ed0e57ebbea5a04ccf39bbdc27f0264711d1bfc5353328fac5ac2becad2c121b8e2be
-
SSDEEP
384:UyXrvYhVorRTtKbL+Lm+YrfXixVvd+mUMWJvHi6uHZzQkWYo+v2tzPxYzcsR0Zm8:6VkubCtYrfcVvgCWJvPP9Y32kuig
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-