General
Target: 4c119a168b8b7b7676a510f7155807faaea3b328cb9634e5d2e4eaecd4659b41
Size: 667KB
Sample: 240330-bngrysdg5x
MD5: 3f04764de9a6213bbe4be5ad91f05685
SHA1: 01bc3f542fe8a03432298476d5ca8d42c3f60eb5
SHA256: 4c119a168b8b7b7676a510f7155807faaea3b328cb9634e5d2e4eaecd4659b41
SHA512: 6e639c165a2c9024b263c0fd519d820cb4e52c009feefc4fdab374b3fd1dc19a5f2b36274dc7ec6a0103369cd87217b55520fd23231f5a133cdb2172da2069eb
SSDEEP: 12288:ZHLK1ONhwXDBCLlB0oNASrlBQvmDkIuoN2rEaHrFMhKQgDEA:ZHiONEBCLl+EASrk+4IzN2rRkOg
Static task: static1
Behavioral task: behavioral1
  Sample: 4c119a168b8b7b7676a510f7155807faaea3b328cb9634e5d2e4eaecd4659b41.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 4c119a168b8b7b7676a510f7155807faaea3b328cb9634e5d2e4eaecd4659b41.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
Protocol: ftp
Host: ftp://ftp.normagroup.com.tr
Port: 21
Username: [email protected] (address redacted in the capture)
Password: Bossu_56@@12345@_
Extracted
Protocol: ftp
Host: ftp.normagroup.com.tr
Port: 21
Username: [email protected] (address redacted in the capture)
Password: Bossu_56@@12345@_
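As an added example (not part of the report, the sandbox, or the sample), the script below takes the two Extracted blocks exactly as the raw export runs them together (one "Key: value" pair wrapped onto the next line with " - " separators), parses each block into a C2 record, normalises the host (the first block carries an ftp:// prefix, the second does not), and de-duplicates the two into a single defanged IoC. The only input is the report text above; the username is kept as the redacted "[email protected]" string the capture shows, and the class and function names are the example's own.

```python
"""Normalise the Agent Tesla exfiltration configs a sandbox extracted from
this sample into one de-duplicated C2 IoC set.

Added example for this page; it is not part of the sandbox, the report or
the sample.  The only input is the "Extracted" text copied from the report.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Copied from the raw report export: one "Extracted" block per behavioral
# task.  The exporter wraps "Key: value" pairs across lines with " - "
# separators, the first block carries the host as a URL and the second as a
# bare hostname, and the username is shown redacted in the capture.
REPORT_TEXT = """\
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
Bossu_56@@12345@_
Extracted
Protocol: ftp- Host:
ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
Bossu_56@@12345@_
"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
# A pair is "Key: value" where the value runs up to the next key (or the end
# of the block) with an optional " - " separator in between.  A value that
# itself ended in "-" would lose that character; none in this report does.
PAIR_RE = re.compile(
    r"(%s):\s*(.*?)\s*-?\s*(?=(?:%s):|\Z)" % ("|".join(KEYS), "|".join(KEYS)),
    re.S,
)


@dataclass(frozen=True)
class C2Record:
    protocol: str
    host: str
    port: int
    username: str
    password: str

    def defanged(self) -> str:
        """Render as a non-clickable IoC string for a report or ticket."""
        return f"{self.protocol}://{self.host.replace('.', '[.]')}:{self.port}"


def normalize_host(raw: str) -> str:
    """Reduce 'ftp://ftp.example.test/' and 'ftp.example.test' to one form."""
    host = (urlsplit(raw).hostname or raw) if "://" in raw else raw
    return host.strip().rstrip(".").lower()


def parse_configs(text: str) -> list[C2Record]:
    """Parse every 'Extracted' block into a C2Record, one per block, in order."""
    records = []
    for block in text.split("Extracted")[1:]:
        flat = " ".join(block.split())          # undo the line wrapping
        fields = dict(PAIR_RE.findall(flat))
        if set(KEYS) - set(fields):
            continue                            # incomplete block: skip it
        records.append(C2Record(
            protocol=fields["Protocol"].lower(),
            host=normalize_host(fields["Host"]),
            port=int(fields["Port"]),
            username=fields["Username"],
            password=fields["Password"],
        ))
    return records


def unique_c2(records: list[C2Record]) -> list[C2Record]:
    """De-duplicate identical records while keeping first-seen order."""
    return list(dict.fromkeys(records))


if __name__ == "__main__":
    for rec in unique_c2(parse_configs(REPORT_TEXT)):
        print(rec.defanged(), "user:", rec.username)
```

The two behavioral tasks produced the same credentials with the host written two ways; after host normalisation they collapse to one record, which is the form to push into a blocklist or hunting query. The FTP account is on a third-party domain and the credentials are the attacker's exfiltration channel, so the useful IoC is the host and port, not the password.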
Targets
Target: 4c119a168b8b7b7676a510f7155807faaea3b328cb9634e5d2e4eaecd4659b41
Size: 667KB
MD5: 3f04764de9a6213bbe4be5ad91f05685
SHA1: 01bc3f542fe8a03432298476d5ca8d42c3f60eb5
SHA256: 4c119a168b8b7b7676a510f7155807faaea3b328cb9634e5d2e4eaecd4659b41
SHA512: 6e639c165a2c9024b263c0fd519d820cb4e52c009feefc4fdab374b3fd1dc19a5f2b36274dc7ec6a0103369cd87217b55520fd23231f5a133cdb2172da2069eb
SSDEEP: 12288:ZHLK1ONhwXDBCLlB0oNASrlBQvmDkIuoN2rEaHrFMhKQgDEA:ZHiONEBCLl+EASrk+4IzN2rRkOg
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests keystrokes, clipboard contents and stored browser and mail-client credentials and exfiltrates them over SMTP, FTP, HTTP or Telegram; the configuration extracted above shows this sample using FTP to ftp.normagroup.com.tr.
Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register set, including its instruction pointer. Calling it on a suspended thread, typically one of a freshly spawned child process, is the standard final step of process hollowing and related injection techniques before ResumeThread, which is why the sandbox flags it here.