General
-
Target
963bf14d3bc753a48a0e8ca3f6be6c1f47e84e69.rar.tar.gz
-
Size
528KB
-
Sample
240429-jll8nadf93
-
MD5
6280109b7cd12fcc6695cb429d49d2f5
-
SHA1
b8c33e0c06e49255c66be1bdc456fae2e00d68b0
-
SHA256
a14d645e118d838d68bcde88cd3dc88bd7fa6ff95a04e3ff3e1f8916e1984b65
-
SHA512
298e96260cf15746d0daf866a78e533f95bcbcaee97266c5c9ca9bd20d3aab35032c951b25a23bb552cac18660070e1f89c7450d48116e92d9c0b87d260346d9
-
SSDEEP
12288:pGj8dTp2LzLdoKVMpw/ZwENfsPPUAinEoEIzNpnFaIwrJLi:pTp2SKew/ZxsXUDnppNpFsi
Static task
static1
Behavioral task
behavioral1
Sample
Νέα παραγγελία 4503533950_7685434467890.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Νέα παραγγελία 4503533950_7685434467890.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.corpsa.net - Port:
21 - Username:
[email protected] - Password:
-E~O8rekW5UT
Targets
-
-
Target
Νέα παραγγελία 4503533950_7685434467890.exe
-
Size
1018KB
-
MD5
dbd4f010589c6f113ad887ac66e4a145
-
SHA1
3b527e5c758fbfd5f033b965b521f8b8c688b33f
-
SHA256
c8e9d5272f7c20ac0d0de39130700a849e215f495e1b56f77d6ed26e5ff29593
-
SHA512
8a7b3bf80675450030bc8c8d2b5f3a1460736dc7dabbed0f80f2f158128a2f67fd13c99a523df75fc156559439918809c9dda129744b1ae39d98aa3bef618bea
-
SSDEEP
24576:UAHnh+eWsN3skA4RV1Hom2KXMmHaruGKBGcyG5:jh+ZkldoPK8YarNKYy
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-