General
-
Target
Νέα παραγγελία 4503533950_7685434467890.gz
-
Size
528KB
-
Sample
240429-q8hx3scb78
-
MD5
cb1b20632045714867e7150823533872
-
SHA1
963bf14d3bc753a48a0e8ca3f6be6c1f47e84e69
-
SHA256
75ef5347b89c022e71d95b571ba2b22d0c5735f9897eae8d41e20e0645d536ce
-
SHA512
2d677548085bfa7d74c22d95aa8c16f879f95d42c289db340a923fa9c4703c968dee5647e33cc5267fe6674ad1c1e7cc84c70e3c2f1ecf54be9b66164200b99d
-
SSDEEP
12288:oAWBbmKZGoCPG1szBHh0Mqy7jSg6LUK3pIVv9vszIMkPH:oA0mboC59yjyXSVYK69kzaH
Static task
static1
Behavioral task
behavioral1
Sample
Νέα παραγγελία 4503533950_7685434467890.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Νέα παραγγελία 4503533950_7685434467890.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.corpsa.net - Port:
21 - Username:
[email protected] - Password:
-E~O8rekW5UT
Targets
-
-
Target
Νέα παραγγελία 4503533950_7685434467890.exe
-
Size
1018KB
-
MD5
dbd4f010589c6f113ad887ac66e4a145
-
SHA1
3b527e5c758fbfd5f033b965b521f8b8c688b33f
-
SHA256
c8e9d5272f7c20ac0d0de39130700a849e215f495e1b56f77d6ed26e5ff29593
-
SHA512
8a7b3bf80675450030bc8c8d2b5f3a1460736dc7dabbed0f80f2f158128a2f67fd13c99a523df75fc156559439918809c9dda129744b1ae39d98aa3bef618bea
-
SSDEEP
24576:UAHnh+eWsN3skA4RV1Hom2KXMmHaruGKBGcyG5:jh+ZkldoPK8YarNKYy
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-