General
Target: 29a1335cb67bd3fb03b6910a91eb2b548087efd7af312a98b0a9f81d7e505d60
Size: 1020KB
Sample: 240430-bkhvvagc7w
MD5: 45265cd10096393e8837e7f8c66e6ace
SHA1: 825509f9cc5206a5f6552290897c5c07303d9027
SHA256: 29a1335cb67bd3fb03b6910a91eb2b548087efd7af312a98b0a9f81d7e505d60
SHA512: 6fabb6a09eca426c2793e02bb3c524fb00f5039ac129327b0724c361f307b247c12671988a88d2a4accbc0bcffce2793829fc8dc3ce5238faba437e9eb31bd83
SSDEEP: 24576:7AHnh+eWsN3skA4RV1Hom2KXMmHasazB8phqxWy5:Wh+ZkldoPK8Yaswj
Static task: static1
Behavioral task: behavioral1
  Sample: 29a1335cb67bd3fb03b6910a91eb2b548087efd7af312a98b0a9f81d7e505d60.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 29a1335cb67bd3fb03b6910a91eb2b548087efd7af312a98b0a9f81d7e505d60.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: -GN,s*KH{VEhPmo)+f
Targets
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext