General
-
Target
ff4a98d6e14f1b8133a10ec3e0bcd637dd1bc9d3ee76c7ead2112be0a7b566e2
-
Size
1008KB
-
Sample
240426-bgyrwsgf6v
-
MD5
03334ad09e20afe061c3594321a20d4a
-
SHA1
614f9d8a271ecb9599410ec83d7254ab9a2d8b33
-
SHA256
ff4a98d6e14f1b8133a10ec3e0bcd637dd1bc9d3ee76c7ead2112be0a7b566e2
-
SHA512
25a67a2da840d2c8f57282aaed71f01b0ec659c6c880de96e483c222e1a60e77b72e6d062bab671e6a0df709667bd7fc2f57f77b37831ec893f5664d7c08d5af
-
SSDEEP
24576:IAHnh+eWsN3skA4RV1Hom2KXMmHaN5COWwOTOYw5:Ph+ZkldoPK8YaNvWNOX
Static task
static1
Behavioral task
behavioral1
Sample
ff4a98d6e14f1b8133a10ec3e0bcd637dd1bc9d3ee76c7ead2112be0a7b566e2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ff4a98d6e14f1b8133a10ec3e0bcd637dd1bc9d3ee76c7ead2112be0a7b566e2.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.corpsa.net
Port: 21
Username: vodooooo@corpsa.net
Password: -E~O8rekW5UT
Targets
-
Target
ff4a98d6e14f1b8133a10ec3e0bcd637dd1bc9d3ee76c7ead2112be0a7b566e2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-