General
-
Target
48db5170e767dbf625c3cb39eb34a6f0c99217d6e6bdcd71f6086c2402ca7b0a
-
Size
733KB
-
Sample
240425-dl14xseb95
-
MD5
0c1b22eb2968cc15d3ff3747968dcbef
-
SHA1
faeee4213621e5f44ae1d0533ab3261537a2ecb2
-
SHA256
48db5170e767dbf625c3cb39eb34a6f0c99217d6e6bdcd71f6086c2402ca7b0a
-
SHA512
02bb80718a4e1bdf23db3a091a3397544578bc4891df54a338efb5aeae06aa60f2632c80a7c942b5493d3076cfa41a88a5c8a9c5fc544e2c1e53b1932bb7dbaa
-
SSDEEP
12288:mdlr6D2r5nuIz2+tBV9Yzo88so62lzzvoRoKuWLOTIecXzo74DEZCSRXp5Qcxtf4:mdqI5uInYopsxezcoqOEeOzokDEcSZQs
Static task
static1
Behavioral task
behavioral1
Sample
48db5170e767dbf625c3cb39eb34a6f0c99217d6e6bdcd71f6086c2402ca7b0a.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
48db5170e767dbf625c3cb39eb34a6f0c99217d6e6bdcd71f6086c2402ca7b0a.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.klptruck.hu
Port: 21
Username: [email protected]
Password: kCu}[Z7z+)S[
Extracted
Protocol: ftp
Host: ftp.klptruck.hu
Port: 21
Username: [email protected]
Password: kCu}[Z7z+)S[
Targets
Target
48db5170e767dbf625c3cb39eb34a6f0c99217d6e6bdcd71f6086c2402ca7b0a
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.