General
- Target: 2f92decef5d32161f9aed538b0aa26f9abf8f9f64cbe301e47ebd5698cb1a35d
- Size: 75KB
- Sample: 240424-cdf84sea89
- MD5: 4947ceb95e8bdd74da8bcf401f4208e9
- SHA1: f5a49a6ac9a0bb7d3bc0652211938b198b27b6b9
- SHA256: 2f92decef5d32161f9aed538b0aa26f9abf8f9f64cbe301e47ebd5698cb1a35d
- SHA512: 7c08e72393f0adbec1a92e7d2a067a60764a94c1b6077f7bf3cd1910b2eb77e04690fe0b3b9dca8d0380d9bd94ab5c808267631f175ddd914f04c12ba644120e
- SSDEEP: 1536:3MRoht2EqiWz6PuoOa1wVVJH8mZZGaObUrffsKzCyH5n59s/d9aPJmmZwOcuUi:8Roht2EqiWzoKaeVXH8mZZGafr8yH5nJ
Static task
- static1
Behavioral task
- behavioral1: sample 2f92decef5d32161f9aed538b0aa26f9abf8f9f64cbe301e47ebd5698cb1a35d.rtf, resource win7-20240221-en
Behavioral task
- behavioral2: sample 2f92decef5d32161f9aed538b0aa26f9abf8f9f64cbe301e47ebd5698cb1a35d.rtf, resource win10v2004-20240412-en
Malware Config
Extracted
- agenttesla
- Protocol: ftp
- Host: ftp://ftp.vila-gabriel.ro
- Port: 21
- Username: [email protected]
- Password: bVkMH6R.pfF~NN@ossy$W!_pz[bh!9l(MU%UtX9L^W}vO=mn*g*;]}]
Targets
- Target: 2f92decef5d32161f9aed538b0aa26f9abf8f9f64cbe301e47ebd5698cb1a35d
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext