General
-
Target
53a30e8407b39ef82ac0fa734104f72e9e6809a4d4953b98cc97564f296c76c7
-
Size
617KB
-
Sample
240427-beamaaff28
-
MD5
0df385231fbf92792d199d6bcae3e6a1
-
SHA1
60d99ece0ec82ee0f4e6f6fe273212f3f6795583
-
SHA256
53a30e8407b39ef82ac0fa734104f72e9e6809a4d4953b98cc97564f296c76c7
-
SHA512
8094541ce7f82f29a839032e1f02ddfd3af4609dd3290331b03f464bdfe1452d436389a2b0c3e6a71f6862af234f92d203cc0d78d9d545626d6c00b2d554c11e
-
SSDEEP
12288:asHzOUNUSB/o5LsI1uwajJ5yvv1l2kNtrg1C0WE7sm6CzptWNshs5:NiUmSB/o5d1ubcv9rgI0Dsm6iesho
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://inhanoi.net.vn - Port:
21 - Username:
[email protected] - Password:
^TSt3!FK$UBA
Targets
-
-
Target
53a30e8407b39ef82ac0fa734104f72e9e6809a4d4953b98cc97564f296c76c7
-
Size
617KB
-
MD5
0df385231fbf92792d199d6bcae3e6a1
-
SHA1
60d99ece0ec82ee0f4e6f6fe273212f3f6795583
-
SHA256
53a30e8407b39ef82ac0fa734104f72e9e6809a4d4953b98cc97564f296c76c7
-
SHA512
8094541ce7f82f29a839032e1f02ddfd3af4609dd3290331b03f464bdfe1452d436389a2b0c3e6a71f6862af234f92d203cc0d78d9d545626d6c00b2d554c11e
-
SSDEEP
12288:asHzOUNUSB/o5LsI1uwajJ5yvv1l2kNtrg1C0WE7sm6CzptWNshs5:NiUmSB/o5d1ubcv9rgI0Dsm6iesho
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-