General
Target: 870973cd645d6cc18bfa1e9e95c1ba7837ed46fcdd04569fc03475baa84d1165
Size: 3.4MB
Sample: 240430-bw478agh31
MD5: b7b135030bb68eaf0216005ade7bdf5c
SHA1: 3c827e3c9bdb7bc3b24bbd07fcb40ef642d02f6c
SHA256: 870973cd645d6cc18bfa1e9e95c1ba7837ed46fcdd04569fc03475baa84d1165
SHA512: b315d4274669febd5cfdabd89061d8324ba1044076790a556aacbacfbacef610a6973c38639c054343f3e472f678915a2d45e88545e04123472068793498d988
SSDEEP: 49152:dp98Mq2HVhpanF+p1Tjr90vkvGhETXqfi77robXgpJGpAJobrSyuJzflk5QeAC+9:dR1hW+R0P6X9rAgD83NX0VtUlFGp
Static task: static1
Behavioral task: behavioral1
  Sample: 870973cd645d6cc18bfa1e9e95c1ba7837ed46fcdd04569fc03475baa84d1165.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 870973cd645d6cc18bfa1e9e95c1ba7837ed46fcdd04569fc03475baa84d1165.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.normagroup.com.tr
  Port: 21
  Username: [email protected]
  Password: ab+LNvim5PAo
Targets
Target: 870973cd645d6cc18bfa1e9e95c1ba7837ed46fcdd04569fc03475baa84d1165
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext