General
- Target: 3ad865e600d12c911aca0a887e33c0d2f8aa1e656e8f5a8c5e50a40f1fdfa0e9
- Size: 603KB
- Sample: 240327-ccjmvahg94
- MD5: 740baf170aa8858dd0633d11bdae4cb1
- SHA1: e9d06351c32dd613eb2f85163df4f2dfa6383995
- SHA256: 3ad865e600d12c911aca0a887e33c0d2f8aa1e656e8f5a8c5e50a40f1fdfa0e9
- SHA512: b0f9dc35a4ceb8c2f74339f2717acf477023c13ab0b2f4c6a116cf4dec1b9d0d1369a432f0573e1cec3be5afcbeb56b898afcdb1ba12b9a270782f0b9b29fde6
- SSDEEP: 12288:IGQo1ZWE8wS7lNTNPVEnZT9QEBA1fJasrBoSUI3g4V2pNCa5W:xQMW9wS7lN98T9pMfJasS4ApQ
Static task: static1

Behavioral task: behavioral1
- Sample: 3ad865e600d12c911aca0a887e33c0d2f8aa1e656e8f5a8c5e50a40f1fdfa0e9.exe
- Resource: win7-20240319-en

Behavioral task: behavioral2
- Sample: 3ad865e600d12c911aca0a887e33c0d2f8aa1e656e8f5a8c5e50a40f1fdfa0e9.exe
- Resource: win10v2004-20240319-en
Malware Config

Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.normagroup.com.tr
- Port: 21
- Username: [email protected]
- Password: Kingdom12345@

Extracted
- Protocol: ftp
- Host: ftp.normagroup.com.tr
- Port: 21
- Username: [email protected]
- Password: Kingdom12345@
Targets
- Target: 3ad865e600d12c911aca0a887e33c0d2f8aa1e656e8f5a8c5e50a40f1fdfa0e9
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext