General
-
Target
02a01b8458cef674e1675ff6eb0241419f526062af96d743dfe9304dd0d23de4
-
Size
1.0MB
-
Sample
240425-c4a5sadg56
-
MD5
0553bb8440735fa64bebb079154da8e2
-
SHA1
2ddda9173b56e60d48e8dfc3c61d4e7399639019
-
SHA256
02a01b8458cef674e1675ff6eb0241419f526062af96d743dfe9304dd0d23de4
-
SHA512
8f083b27a52dda53e86eba94dbde148e60526a89d782c1a648fe183b7de0be2ee53e8eafa66cc25944177c80ecd412eaedeea072f9dbd914f03ff711158f87ff
-
SSDEEP
24576:oAHnh+eWsN3skA4RV1Hom2KXMmHa2v/FjnvHXZ55:vh+ZkldoPK8Ya2vZvHh
Static task
static1
Behavioral task
behavioral1
Sample
02a01b8458cef674e1675ff6eb0241419f526062af96d743dfe9304dd0d23de4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
02a01b8458cef674e1675ff6eb0241419f526062af96d743dfe9304dd0d23de4.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
4r@d15PS!-!h
Targets
-
-
Target
02a01b8458cef674e1675ff6eb0241419f526062af96d743dfe9304dd0d23de4
-
Size
1.0MB
-
MD5
0553bb8440735fa64bebb079154da8e2
-
SHA1
2ddda9173b56e60d48e8dfc3c61d4e7399639019
-
SHA256
02a01b8458cef674e1675ff6eb0241419f526062af96d743dfe9304dd0d23de4
-
SHA512
8f083b27a52dda53e86eba94dbde148e60526a89d782c1a648fe183b7de0be2ee53e8eafa66cc25944177c80ecd412eaedeea072f9dbd914f03ff711158f87ff
-
SSDEEP
24576:oAHnh+eWsN3skA4RV1Hom2KXMmHa2v/FjnvHXZ55:vh+ZkldoPK8Ya2vZvHh
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-