General
-
Target
4ec3514d66b51dcfded809c8724ba06a0daa179b10dbcf7c40cf53adac165291
-
Size
994KB
-
Sample
240426-cmnpjshc33
-
MD5
a2691dee3cb75bc1f0aaff4eb125cecd
-
SHA1
c15fc5369392b823f6133a0e2509bf4775417abf
-
SHA256
4ec3514d66b51dcfded809c8724ba06a0daa179b10dbcf7c40cf53adac165291
-
SHA512
1d5d9b17f9b82da857dfb0ff1605c4467f52da56b53d3bdedbd8848a69d933a02a52bfa02a2f34668602a6d412c79fe5689811fb1dd7febd4ebd409881d15ba6
-
SSDEEP
24576:AsP31pclTqRckEG0VCMyp0hBeh/8O/RMw9UZhdrX4+:AnkEGNtubU//RM+Ur51
Static task
static1
Behavioral task
behavioral1
Sample
4ec3514d66b51dcfded809c8724ba06a0daa179b10dbcf7c40cf53adac165291.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
4ec3514d66b51dcfded809c8724ba06a0daa179b10dbcf7c40cf53adac165291.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.normagroup.com.tr - Port:
21 - Username:
admin@normagroup.com.tr - Password:
Bossu_56@@12345@_
Targets
-
-
Target
4ec3514d66b51dcfded809c8724ba06a0daa179b10dbcf7c40cf53adac165291
-
Size
994KB
-
MD5
a2691dee3cb75bc1f0aaff4eb125cecd
-
SHA1
c15fc5369392b823f6133a0e2509bf4775417abf
-
SHA256
4ec3514d66b51dcfded809c8724ba06a0daa179b10dbcf7c40cf53adac165291
-
SHA512
1d5d9b17f9b82da857dfb0ff1605c4467f52da56b53d3bdedbd8848a69d933a02a52bfa02a2f34668602a6d412c79fe5689811fb1dd7febd4ebd409881d15ba6
-
SSDEEP
24576:AsP31pclTqRckEG0VCMyp0hBeh/8O/RMw9UZhdrX4+:AnkEGNtubU//RM+Ur51
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-