General
Target: PEDIDO DE COMPRA-I122825.exe
Size: 652KB
Sample: 240429-lesg7sff2v
MD5: 998c2370279a1b790a862e310ebd0ef7
SHA1: ca3ce7e3e72e30834c85c053e95a6e900208fde4
SHA256: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f
SHA512: 6dae6952c049942dab052efc495cdb368bd6aa7e36af6e7eba6164597614863aff0ffc2f72a62bb83027edc326195962f268425c19eb9b2a491172dcc84fa3e1
SSDEEP: 12288:Cr4OHp3Cte/1oQ5M4F6I7sEF+zZn9O+UC1eS8DMZBzQQB7fQn2cWjoI:28tEqIN0n9O+2S88hpfQnrA
Static task: static1
Behavioral task: behavioral1
Sample: PEDIDO DE COMPRA-I122825.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: PEDIDO DE COMPRA-I122825.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.indra-precision.co.th
Port: 21
Username: [email protected]
Password: UW8f$y[fBOEs
Targets
Target: PEDIDO DE COMPRA-I122825.exe
Size: 652KB
MD5: 998c2370279a1b790a862e310ebd0ef7
SHA1: ca3ce7e3e72e30834c85c053e95a6e900208fde4
SHA256: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f
SHA512: 6dae6952c049942dab052efc495cdb368bd6aa7e36af6e7eba6164597614863aff0ffc2f72a62bb83027edc326195962f268425c19eb9b2a491172dcc84fa3e1
SSDEEP: 12288:Cr4OHp3Cte/1oQ5M4F6I7sEF+zZn9O+UC1eS8DMZBzQQB7fQn2cWjoI:28tEqIN0n9O+2S88hpfQnrA
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.