General
-
Target
9a5dbc0417e9b0713f5657d70d03f110176a9bfeb9507503cefc71efeae62ef2
-
Size
1.2MB
-
Sample
240424-bxgtbadg2z
-
MD5
15a1d7b029a5221d7594fe0ea6f85c80
-
SHA1
655efbc7c95a78c7e12bc9fa20cf08ec74a6874f
-
SHA256
9a5dbc0417e9b0713f5657d70d03f110176a9bfeb9507503cefc71efeae62ef2
-
SHA512
351782a46e1593b46ba54e65b431180f8e339bd985f1976e7673736e3b19fbfe228e3fe0435344ba766089706a8ec8d26d76b3f977bbab57d955e9526556571f
-
SSDEEP
12288:pZy9zrtb7BBj6EceQ9A0Q9iuFMiE8I2QrhhZQzigN+OdYVsZlN/:reXt3B16XeQ9A/nE8IlWGgN+C5
Static task
static1
Behavioral task
behavioral1
Sample
PI88009454 007865EQ.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
PI88009454 007865EQ.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.klptruck.hu
Port: 21
Username: [email protected]
Password: kCu}[Z7z+)S[
Extracted
Protocol: ftp
Host: ftp.klptruck.hu
Port: 21
Username: [email protected]
Password: kCu}[Z7z+)S[
Targets
-
-
Target
PI88009454 007865EQ.exe
-
Size
672KB
-
MD5
c3cf30f78c7564162412228388adb129
-
SHA1
e7e3ea2f0f077d7e581c91f983b44d578355620d
-
SHA256
f8bb3c7c28ad6279b257469ae7e4c3e1952f50588894305ae473652add17a136
-
SHA512
9ed98d8f904247992a53b8aa929ecde95b8a4ff6fe938cf8181884de0eea8d719da69eacb74892a9dc79b4c8b2e2ed0b9d95706e967af4dc4547f00d52e364bb
-
SSDEEP
12288:PZy9zrtb7BBj6EceQ9A0Q9iuFMiE8I2QrhhZQzigN+OdYVsZlN/:BeXt3B16XeQ9A/nE8IlWGgN+C5
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-