General
-
Target
fdae95c7df81f23913df0f516015d1b02c3bd3651fb927921e597b67f578e20a
-
Size
993KB
-
Sample
240425-dayvesec41
-
MD5
15f4d38208a21d8bacbecacf5176fcae
-
SHA1
ff03cb8db2907b77094f3a91093c5b69fb63fc3a
-
SHA256
fdae95c7df81f23913df0f516015d1b02c3bd3651fb927921e597b67f578e20a
-
SHA512
a1bcf7a865920bc318c705bdce505261498bda6e37fd782beccd03e4c7bf6e0dd7197d2c533233380ed52750ee9f2175ee93ef37d017e6533411f04df605596d
-
SSDEEP
24576:80rxR8wkw+HIf8V7cLFX+8Wi5lUYCIeSrXKjIlimGec+p:8+8wkw+HIf8BcLFX+DiiIe8XKEIm9x
Static task
static1
Behavioral task
behavioral1
Sample
fdae95c7df81f23913df0f516015d1b02c3bd3651fb927921e597b67f578e20a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fdae95c7df81f23913df0f516015d1b02c3bd3651fb927921e597b67f578e20a.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
Bossu_56@@12345@_
Targets
-
-
Target
fdae95c7df81f23913df0f516015d1b02c3bd3651fb927921e597b67f578e20a
-
Size
993KB
-
MD5
15f4d38208a21d8bacbecacf5176fcae
-
SHA1
ff03cb8db2907b77094f3a91093c5b69fb63fc3a
-
SHA256
fdae95c7df81f23913df0f516015d1b02c3bd3651fb927921e597b67f578e20a
-
SHA512
a1bcf7a865920bc318c705bdce505261498bda6e37fd782beccd03e4c7bf6e0dd7197d2c533233380ed52750ee9f2175ee93ef37d017e6533411f04df605596d
-
SSDEEP
24576:80rxR8wkw+HIf8V7cLFX+8Wi5lUYCIeSrXKjIlimGec+p:8+8wkw+HIf8BcLFX+DiiIe8XKEIm9x
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-