General
-
Target
acb944b1e95d034509236638d3f794be.bin
-
Size
675KB
-
Sample
240425-ccxjpsdc32
-
MD5
1b67b9721e4674cab16b7892ac7f4a74
-
SHA1
d02392f9234d732d32a32e980a1f168eca6d901f
-
SHA256
bcc3f084ead4dde162229de1b25d935c0624c6a8316c220cc059fd025be4fd08
-
SHA512
8b2d874dcf46c23aa3bab348b6789df9b56874714327aecca0836a3612e123def2d2a6969d0ba03472d5599cca93f05f1153fb390a7b5f34545f0fa2679cf9f5
-
SSDEEP
12288:u7/KgbSQIi+jtqQVqUXrpXO3InqA1dE+/Y9jwk20wGOf7Mk9lYbA9+kzh:4/PbS+3WpVqMu+/S0kQGOfwXA8kt
Static task
static1
Behavioral task
behavioral1
Sample
SC_ADACONI_N.24040122PDF.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SC_ADACONI_N.24040122PDF.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.rusticpensiune.ro
Port: 21
Username: [email protected]
Password: 99AM}+NZ&CCq!4Vq)9!(zXx01.lQ!~nS.fBnY,4Z~fjHnGo*B3Gd;B{Q1!%-Xw--%vn^0%nt
Targets
-
Target
SC_ADACONI_N.24040122PDF.exe
-
Size
1.1MB
-
MD5
2a793bfa3d22c67153842279520b366c
-
SHA1
953fe50e20ef01e1afbc8112f7e1d6167646083b
-
SHA256
de9d7a5b1df10e151659a0867c4c7004ff4f023acdb9071f88b0939c1cb37dea
-
SHA512
76c3e3c4e576eb5f3cb1549e64652156776b54e29e2b32d24075301cbda89b8f45071ad7e307f201cf60f83bf690b53343d8f2399ddaf7d61ed6ca4b967a6df5
-
SSDEEP
12288:xx7SXc87X+bXPXST4Fof1XUhJePHq3EdfX4xw5cRK5JNHrU32YWrM9uOAHnVRS3h:rSXcH/X4yBevq0dAxnRK4iA9ga
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-