General
-
Target
4lgeug
-
Size
68KB
-
Sample
240423-xr79zaba77
-
MD5
fff188bebcf8468642229428227ef8ff
-
SHA1
ec26be493066bcbc12abcf9d4ba374309d3ded83
-
SHA256
e3986c9a3d1d24b0cff99c78bd92d594eeb6d2a438f14ec6a44e3ef74c86c517
-
SHA512
264cbbfab0e8b4bb669f2999ced07a3bdf7312601422ff8caae3a45aca1e99b5013221b99f57135169d3824b906bcbe9edcea44db879366e957c1e224648b1a0
-
SSDEEP
1536:eeAlB6opE4g6RP3efl4+fRfcTxaxzUMcsBbOQNqOWpx6zl+03kaOAh/zRdAe+nhM:fAlB6opE4g6R84+fRfcTEbOQYOWpxo3V
Static task
static1
Behavioral task
behavioral1
Sample
4lgeug.rtf
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4lgeug.rtf
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
4r@d15PS!-!h
Targets
-
-
Target
4lgeug
-
Size
68KB
-
MD5
fff188bebcf8468642229428227ef8ff
-
SHA1
ec26be493066bcbc12abcf9d4ba374309d3ded83
-
SHA256
e3986c9a3d1d24b0cff99c78bd92d594eeb6d2a438f14ec6a44e3ef74c86c517
-
SHA512
264cbbfab0e8b4bb669f2999ced07a3bdf7312601422ff8caae3a45aca1e99b5013221b99f57135169d3824b906bcbe9edcea44db879366e957c1e224648b1a0
-
SSDEEP
1536:eeAlB6opE4g6RP3efl4+fRfcTxaxzUMcsBbOQNqOWpx6zl+03kaOAh/zRdAe+nhM:fAlB6opE4g6R84+fRfcTEbOQYOWpxo3V
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-