General
-
Target
ed7f33b0598b170e6335ba236ddd4bdf7c5aa3dfe4f07819ad05a363a83d7bdd
-
Size
664KB
-
Sample
240327-be2qrsge43
-
MD5
3e071651f4810a4f65a868bcc1984d45
-
SHA1
2dd415b0eab962f01f18e367d66215141233534f
-
SHA256
ed7f33b0598b170e6335ba236ddd4bdf7c5aa3dfe4f07819ad05a363a83d7bdd
-
SHA512
f98ff709fd13c62b6985d06ba5dbd7b1ff525563a10e75139c49abe6a1ee53936092078b87cf4a0e8e88dfa76b72efc3b7f038e2220c85ea68327c1298a76abe
-
SSDEEP
12288:/sHzOUNUSB/o5LsI1uwajJ5yvv1l2HB266mFGCuMJZrlY9aob80pprum7:OiUmSB/o5d1ubcvsBFFroFppru+
Behavioral task
behavioral1
Sample
ed7f33b0598b170e6335ba236ddd4bdf7c5aa3dfe4f07819ad05a363a83d7bdd.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
-GN,s*KH{VEhPmo)+f
Targets
-
-
Target
ed7f33b0598b170e6335ba236ddd4bdf7c5aa3dfe4f07819ad05a363a83d7bdd
-
Size
664KB
-
MD5
3e071651f4810a4f65a868bcc1984d45
-
SHA1
2dd415b0eab962f01f18e367d66215141233534f
-
SHA256
ed7f33b0598b170e6335ba236ddd4bdf7c5aa3dfe4f07819ad05a363a83d7bdd
-
SHA512
f98ff709fd13c62b6985d06ba5dbd7b1ff525563a10e75139c49abe6a1ee53936092078b87cf4a0e8e88dfa76b72efc3b7f038e2220c85ea68327c1298a76abe
-
SSDEEP
12288:/sHzOUNUSB/o5LsI1uwajJ5yvv1l2HB266mFGCuMJZrlY9aob80pprum7:OiUmSB/o5d1ubcvsBFFroFppru+
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-