General
-
Target
c778ce8927502d707d1a358d062d0a4a88e4f226895128b4357d6f012ed473bf
-
Size
553KB
-
Sample
240329-cchqjsee9x
-
MD5
fb3e1f6b395d166ebe1086e1b76d6df0
-
SHA1
f969a92440aae2c44dc7d68ef5fbe33647fc3553
-
SHA256
c778ce8927502d707d1a358d062d0a4a88e4f226895128b4357d6f012ed473bf
-
SHA512
cabf08ba4e4db00c7ec8c1bd5d8c965dfff0752a70dd455a1f587ce1bcb92284a34e59dc04609beedd0dd23f0f1defc45dc6e2964ea44760cf6e66cf219ec4b0
-
SSDEEP
12288:lYV6MorX7qzuC3QHO9FQVHPF51jgc3cajO81MpO2o1CyU5ZAM:aBXu9HGaVH3V66Mw1Cb5P
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
4r@d15PS!-!h
Targets
-
-
Target
c778ce8927502d707d1a358d062d0a4a88e4f226895128b4357d6f012ed473bf
-
Size
553KB
-
MD5
fb3e1f6b395d166ebe1086e1b76d6df0
-
SHA1
f969a92440aae2c44dc7d68ef5fbe33647fc3553
-
SHA256
c778ce8927502d707d1a358d062d0a4a88e4f226895128b4357d6f012ed473bf
-
SHA512
cabf08ba4e4db00c7ec8c1bd5d8c965dfff0752a70dd455a1f587ce1bcb92284a34e59dc04609beedd0dd23f0f1defc45dc6e2964ea44760cf6e66cf219ec4b0
-
SSDEEP
12288:lYV6MorX7qzuC3QHO9FQVHPF51jgc3cajO81MpO2o1CyU5ZAM:aBXu9HGaVH3V66Mw1Cb5P
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-