General
- Target: c31f7b9353cd8faac9a972ecf0b788640a04305ab812d9529dc91eba4cdcf9bb
- Size: 1.0MB
- Sample: 240424-cf12aseb47
- MD5: fbaf3252a1d4a985aeeebee9c457dcef
- SHA1: 4810e027a476a64003512e96cd8bebeb70b0ede2
- SHA256: c31f7b9353cd8faac9a972ecf0b788640a04305ab812d9529dc91eba4cdcf9bb
- SHA512: 0e72c7b00bf4eee712939163bc81e1cf9d80ef57c06d0f622c08418c2cafad2a43a322a27b71e61ffb176405d70ebd7284a8469420c9d44145b97c7c5746cf0f
- SSDEEP: 24576:qAHnh+eWsN3skA4RV1Hom2KXMmHa1X/Ql9meyT5:9h+ZkldoPK8Ya1X/C9vu
Static task
- static1

Behavioral task
- behavioral1
- Sample: c31f7b9353cd8faac9a972ecf0b788640a04305ab812d9529dc91eba4cdcf9bb.exe
- Resource: win7-20240215-en

Behavioral task
- behavioral2
- Sample: c31f7b9353cd8faac9a972ecf0b788640a04305ab812d9529dc91eba4cdcf9bb.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.siscop.com.co
- Port: 21
- Username: [email protected]
- Password: +5s48Ia2&-(t
Targets
- Target: c31f7b9353cd8faac9a972ecf0b788640a04305ab812d9529dc91eba4cdcf9bb
- Size: 1.0MB
- MD5: fbaf3252a1d4a985aeeebee9c457dcef
- SHA1: 4810e027a476a64003512e96cd8bebeb70b0ede2
- SHA256: c31f7b9353cd8faac9a972ecf0b788640a04305ab812d9529dc91eba4cdcf9bb
- SHA512: 0e72c7b00bf4eee712939163bc81e1cf9d80ef57c06d0f622c08418c2cafad2a43a322a27b71e61ffb176405d70ebd7284a8469420c9d44145b97c7c5746cf0f
- SSDEEP: 24576:qAHnh+eWsN3skA4RV1Hom2KXMmHa1X/Ql9meyT5:9h+ZkldoPK8Ya1X/C9vu
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext