General
Target: ecc97660fb9044336595d440673cbabc46dd594b2fa37f57077631e6cb3f8afe
Size: 1.0MB
Sample: 240425-d7q6vaeg9s
MD5: bf27a932d79bf41c51666a2c180d57a8
SHA1: d5759f16337b0ca14649352bdffe7b6ad9c1b65c
SHA256: ecc97660fb9044336595d440673cbabc46dd594b2fa37f57077631e6cb3f8afe
SHA512: 67c2529a93122be401d9cd4a9e2f8fffbb21d723c401f48eb4419d3ab54cd69d70f58f74c6db4622bcd9a46c2ff78acd711373b29f900bb4706a06657ac86301
SSDEEP: 24576:zAHnh+eWsN3skA4RV1Hom2KXMmHavsdvB1K2lADL5:+h+ZkldoPK8YavOvvU
Static task: static1
Behavioral task: behavioral1
Sample: ecc97660fb9044336595d440673cbabc46dd594b2fa37f57077631e6cb3f8afe.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: ecc97660fb9044336595d440673cbabc46dd594b2fa37f57077631e6cb3f8afe.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: u;4z3V.Iir1l
Targets
Target: ecc97660fb9044336595d440673cbabc46dd594b2fa37f57077631e6cb3f8afe
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext