General
Target: 076cf92f619d12f0d132979802bf5700.bin
Size: 613KB
Sample: 240327-bfhdhsbe5y
MD5: 4c19fbec6addf7d11a38d489fef0041c
SHA1: f6240e34b6e09a10152e92c51f5d9136366ebc3f
SHA256: d320188e96ec3b90f0e333405a3b3cfbcbd203c0e5dbd9d7659dc3b73a1d651b
SHA512: 58c6458a8b8d14aaaa367072d446396a29411deb03b05541e3ae6e1ad507e311dbf45a04d9c8f1c269b85a4af3ba3d62678a934ca3b5a1b66938be02e7ef81d8
SSDEEP: 12288:ONoD/k7cJN3KrtoJ2aV+kOc5UH2VBCa8v8YpLk4z95zVsW9rnb:O2jUmN3KrtoxOc5U8/8v8IT9pVnb
Static task: static1

Behavioral task: behavioral1
Sample: aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: -GN,s*KH{VEhPmo)+f
Targets
Target: aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731.exe
Size: 1.0MB
MD5: 076cf92f619d12f0d132979802bf5700
SHA1: 51dea616dfa3dbff0d40078046f227e8f2dea822
SHA256: aa64d8ae63a060c83638ad8a45e5a4e445a53845f4f22fe808f1828663629731
SHA512: 1f757a824946de10c0660580c0164fe3cbc32911f4deb7937db1a15c6ddc2c0551ddec8e1ffcf429538d52ae241bf2252ef501daab06e5f3d0456f8203503387
SSDEEP: 24576:XAHnh+eWsN3skA4RV1Hom2KXMmHaHt3WOhH15:Kh+ZkldoPK8YaHlWOZ
Score: 10/10

Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext