General
Target: 19f5bfc25207d58db1cdca463d599aa7ba4570295598e4561e7c3bbe17c3c026
Size: 1.2MB
Sample: 240430-bw6q2sgd58
MD5: a940d2489d86c9c34ec8c1b9b7927573
SHA1: 5a34380e8943c5a19329b7d7f415dbe01b439dcd
SHA256: 19f5bfc25207d58db1cdca463d599aa7ba4570295598e4561e7c3bbe17c3c026
SHA512: c6b58a742a56f82dbf1bc76f79d2ee2bea6677bcb742efd70f61aafbd0a1cf6a371beed17522ca2fbc921d86322b6eba69437b567b7c30cc98691aa1d55f825a
SSDEEP: 12288:H+DbgkB778QeiV3J66+iOEn6vYgNxb4PdtExCsuMc/5uav3:2gkBbVZ6fsnA9u/ExCXMaku
Static task: static1
Behavioral task: behavioral1
Sample: πληρωμή Απριλίου IF01200022823418 2024.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: πληρωμή Απριλίου IF01200022823418 2024.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: q[0r3BqZHV[u
Extracted
Protocol: ftp
Host: ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: q[0r3BqZHV[u
Targets
Target: πληρωμή Απριλίου IF01200022823418 2024.exe
Size: 696KB
MD5: 39304ac132c41f0ec4f6326472b0ddc7
SHA1: c0a3b1a43e8cfe07e3d49b702c757eab55cbd8f8
SHA256: ade712505d4909a37affcf6c58a558669807bde40851f49fc354ccb6e9f5dff2
SHA512: 96a7c01a5b78c1d96d25b4e5b2140dbe96a36af53301269619c7b7aa17621548b2edb2dea2f96bacb729945479795d67049db785a781bc1e7b4c1f1fae698967
SSDEEP: 12288:Y+DbgkB778QeiV3J66+iOEn6vYgNxb4PdtExCsuMc/5uav3:ZgkBbVZ6fsnA9u/ExCXMaku
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.