General
-
Target
8c9a8a88ada0df4ba50abf70fae1a780.bin
-
Size
29KB
-
Sample
240428-bzfc9sdb79
-
MD5
053cc39ccaa7f8179d360758863641e0
-
SHA1
f60f385bfa744f6ce7fed418cad7f6436eb2d808
-
SHA256
06931ce95d25b0fd0bcd5659228516279e786018c6b9344446cbda0be183471c
-
SHA512
5faf9bf3c068b9bd72404b41e9df1a6cf19343a02bf9fd34554bf628609e6dd8abadcbd74f6ad27df16d01b9a2c24a8e462c74138fe9f84c5823cbd838e1dd25
-
SSDEEP
768:Swf2OF2fOmutJ4gLCNVkaNvH/l5ffDCSdzTFjLfUFzE:Sw32fSt2gLCNbNvH/l5TtTFjLfUFzE
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
2ogFj^8ECV(?
Targets
-
-
Target
PONO6188.vbs
-
Size
59KB
-
MD5
3c00879a0e4e4a7d7b78bb8611bcc94f
-
SHA1
3ddd2f54b7fb54df60134318515fd61b119bc46f
-
SHA256
94ffc7bec0cef06550d739bc5014a3232c9218a50524de0464b53b6dbbd7ed5f
-
SHA512
4dfce826cf9f7456dd981b4a1b4c985d75c9c849434a94c5987bd08fe037217b5160441e23072c498b5e9c93e2d00d8c6e814ea1736e68724aa461881ab1b31c
-
SSDEEP
1536:cdukLI1gPDPTxyk0MfFCNqnlAEfen8TCQr:Yukk1gPDJzoGaEWn8Tv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-