General
Target: c4cb7655cafcc20ca7c0a513293605ad.bin
Size: 179KB
Sample: 240327-epewjafd41
MD5: 03544fb4a071b732bf40b4e06833d462
SHA1: 55bc301134a323df2cf888073c4cfe5c04971f7f
SHA256: e6622bdd555368ef8bf22a55947f42d1de681e5c550f54855562083360eff601
SHA512: 7163269bedd4d8e976d7d7d97e5a262a745ab0ecc48a4923d87273c7b96ceb93458117092c020455baa08d778715e2eaf833e3187a2396aa2af5eec808b517b0
SSDEEP: 3072:vAzPrtxWmGzt7uGTR+ooAhO8S7R3yHmD6VC4OhDwrO8SZLi4wlMZNg:ozrwz1jRt4938m4frXYLi45Ng
Note: the submitted .bin is named after the MD5 of the executable listed under Targets, but its own size and hashes differ, so it is not the same file as the executable that was analysed.
Static task: static1
Behavioral task: behavioral1
Sample: 340e702e49081960c6d318774ab212ae3885ab93fe5ad5d26cdf3c64189a7abd.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 340e702e49081960c6d318774ab212ae3885ab93fe5ad5d26cdf3c64189a7abd.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://80.92.205.47
Port: 21
Username: delizzasuppl
Password: 99EK7bvTZr4zBnwW
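The report lists the same FTP configuration twice, once with the ftp:// scheme on the host and once without. The following is an added example, not part of the sandbox report or of any Agent Tesla tooling: it normalises the extracted records into one comparable indicator, deduplicates them, and matches them against constructed firewall-style log lines. The log format, its field names and the sample lines are assumptions for illustration; only the host, port, username and password are taken from the report.

```python
"""Added example, not part of the sandbox report: turn the extracted Agent
Tesla FTP config into one comparable IOC record and match it against
constructed firewall-style log lines. The log format and field names are
assumptions for illustration."""
from dataclasses import dataclass
import re
from urllib.parse import urlparse

# The two "Extracted" records as the report lists them. They differ only in
# whether Host carries the ftp:// scheme, which is why normalisation is needed
# before deduplicating or matching.
EXTRACTED = [
    {"Protocol": "ftp", "Host": "ftp://80.92.205.47", "Port": "21",
     "Username": "delizzasuppl", "Password": "99EK7bvTZr4zBnwW"},
    {"Protocol": "ftp", "Host": "80.92.205.47", "Port": "21",
     "Username": "delizzasuppl", "Password": "99EK7bvTZr4zBnwW"},
]


@dataclass(frozen=True)
class C2Config:
    """Hashable IOC record; the password is deliberately left out so the
    record can be shared as an indicator without the credential."""
    protocol: str
    host: str
    port: int
    username: str


def normalise(raw):
    """Strip a URL scheme from Host if present, take the port from the URL when
    it has one (else from the Port field), and lower-case host and protocol."""
    host = raw["Host"].strip()
    port = int(raw["Port"])
    if "://" in host:
        url = urlparse(host)
        host = url.hostname or host
        port = url.port or port
    return C2Config(raw["Protocol"].strip().lower(), host.lower(),
                    port, raw["Username"].strip())


def unique_configs(records=EXTRACTED):
    """Deduplicate after normalisation: the two report records collapse to one."""
    return {normalise(r) for r in records}


# Constructed firewall-style log lines (not from the report or the sandbox).
# Line 3 is a passive-mode FTP data connection to the C2 host on an ephemeral
# port; line 4 is the C2 username logging in to a different server.
SAMPLE_LOGS = [
    "2024-03-27T14:02:11Z fw proto=tcp src=10.0.0.15 dst=203.0.113.10 dport=443",
    "2024-03-27T14:02:13Z fw proto=tcp src=10.0.0.15 dst=80.92.205.47 dport=21 user=delizzasuppl",
    "2024-03-27T14:02:14Z fw proto=tcp src=10.0.0.15 dst=80.92.205.47 dport=49211",
    "2024-03-27T14:03:02Z fw proto=tcp src=10.0.0.22 dst=198.51.100.9 dport=21 user=delizzasuppl",
]

LOG_LINE = re.compile(r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)(?: user=(?P<user>\S+))?")


def match_logs(configs, lines):
    """Return (line_no, reason) for each line worth triaging.

    Match on host rather than host:port: passive FTP moves the data channel to
    an ephemeral server port, so a host:21 match alone misses the upload.
    A login with the C2 username to any host is flagged too, in case the
    operator reuses the account elsewhere."""
    hosts = {c.host for c in configs}
    users = {c.username for c in configs}
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.search(line)
        if not m:
            continue
        dst, dport, user = m["dst"].lower(), int(m["dport"]), m["user"]
        if dst in hosts:
            hits.append((n, f"c2-host {dst}:{dport}"))
        elif user in users:
            hits.append((n, f"c2-credential user={user} to {dst}:{dport}"))
    return hits


if __name__ == "__main__":
    cfgs = unique_configs()
    for c in cfgs:
        print(c)
    for n, why in match_logs(cfgs, SAMPLE_LOGS):
        print(f"line {n}: {why}")
```

Matching on the host alone is deliberate: the control connection to port 21 is only the login, and with passive FTP the actual upload goes to a server-chosen high port, so a rule keyed on 80.92.205.47:21 would see the credential exchange but not the exfiltrated data.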
Targets
Target: 340e702e49081960c6d318774ab212ae3885ab93fe5ad5d26cdf3c64189a7abd.exe
Size: 207KB
MD5: c4cb7655cafcc20ca7c0a513293605ad
SHA1: 00ac921a5b26a640d002c3c7528a6ae6c88e8900
SHA256: 340e702e49081960c6d318774ab212ae3885ab93fe5ad5d26cdf3c64189a7abd
SHA512: eceb4f4c5f2c205e6ff629c81624bb32454f9b0b6e43a20c8af1b01dd402cecfe199c332a72388b8f084c7d5a6651066b1d740a1d8479d234c33849f403134d0
SSDEEP: 3072:aIc6fEubNTqFxWXtN+vv2fUwFZZGt4UvERdCtOWEbnmrdR5hV6RhnZ7GmCMY7pdL:09w2WXzCw3TGzv5EDmR56Xk
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. The extracted config above gives this sample's FTP exfiltration endpoint and credentials.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The lookup is benign traffic on its own and is common in stealer families, so treat the lookup destination as context rather than as a standalone indicator.
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the step in process hollowing that points a suspended child's entry point at injected code. Debuggers use the same API, so the signature is meaningful together with a child created with CREATE_SUSPENDED, cross-process memory writes into it, and a subsequent ResumeThread.
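The SetThreadContext signature is only a strong indicator as part of the hollowing sequence it belongs to. The following is an added example, not part of the sandbox report and not the sandbox's own detection logic: it walks a constructed API-call trace and reports a finding only when a child created with CREATE_SUSPENDED receives cross-process writes, then a SetThreadContext, then a ResumeThread. The trace format, its field names, the process IDs and the image paths are assumptions for illustration; nothing in it is taken from this sample's behaviour.

```python
"""Added example, not part of the sandbox report: flag the process-hollowing
call sequence that a "Suspicious use of SetThreadContext" signature points at,
over a constructed API-call trace. The trace format and field names are
assumptions, not the sandbox's own output."""
import re

CREATE_SUSPENDED = 0x00000004        # dwCreationFlags bit
PAGE_EXECUTE_READWRITE = 0x40        # flProtect value

# Constructed trace, one call per line (not sandbox output). pid is the caller;
# child/target is the process the call acts on. The first six lines are the
# hollowing pattern; the last two are a benign SetThreadContext on the
# caller's own process and a child created without CREATE_SUSPENDED.
TRACE = [
    "pid=2104 api=CreateProcessW image=C:\\target\\child.exe flags=0x4 child=3360",
    "pid=2104 api=VirtualAllocEx target=3360 size=0x2e000 protect=0x40",
    "pid=2104 api=WriteProcessMemory target=3360 size=0x400",
    "pid=2104 api=WriteProcessMemory target=3360 size=0x2c000",
    "pid=2104 api=SetThreadContext target=3360",
    "pid=2104 api=ResumeThread target=3360",
    "pid=4410 api=SetThreadContext target=4410",
    "pid=4410 api=CreateProcessW image=C:\\tools\\app.exe flags=0x0 child=5120",
]

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """key=value pairs to a dict; values stay strings, hex is decoded on use."""
    return dict(FIELD.findall(line))


def detect_hollowing(trace):
    """Track children started with CREATE_SUSPENDED and report one finding
    when the same child receives cross-process writes, a SetThreadContext,
    and is then resumed. A SetThreadContext without the preceding writes, or
    on a process not created suspended, is not reported."""
    tracked = {}
    findings = []
    for line in trace:
        ev = parse(line)
        api = ev.get("api")
        if api == "CreateProcessW":
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                tracked[ev["child"]] = {"parent": ev["pid"], "image": ev.get("image"),
                                        "rwx": False, "written": 0, "ctx": False}
            continue
        st = tracked.get(ev.get("target"))
        if st is None:
            continue
        if api == "VirtualAllocEx" and int(ev.get("protect", "0"), 16) == PAGE_EXECUTE_READWRITE:
            st["rwx"] = True                      # RWX allocation in the child
        elif api == "WriteProcessMemory":
            st["written"] += int(ev.get("size", "0"), 16)
        elif api == "SetThreadContext" and st["written"] > 0:
            st["ctx"] = True                      # entry point redirected after writes
        elif api == "ResumeThread" and st["ctx"]:
            findings.append({"parent": st["parent"], "child": ev["target"],
                             "image": st["image"], "rwx": st["rwx"],
                             "written": st["written"]})
            del tracked[ev["target"]]
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(TRACE):
        print(f"hollowing: parent {f['parent']} -> child {f['child']} "
              f"({f['image']}), {f['written']:#x} bytes written, rwx={f['rwx']}")
```

Keying on the suspended child rather than on SetThreadContext alone is what keeps the benign cases quiet: a debugger adjusting a context it owns, or a normally created child, never enters the tracked set, while the hollowed child carries the full write-then-redirect-then-resume chain.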