General
-
Target
0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
-
Size
85KB
-
Sample
240511-bjqjasfc45
-
MD5
0a95eb4fe0f14eeb018e0f9488261092
-
SHA1
2a36232c5c469995576bf4cd944d4e0651661a65
-
SHA256
0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
-
SHA512
e1d4bda32e7eadc56d2edaf9908a9950b4549bdb67181b94e03a31adf5ce02004d6e15b17a0fef371fe63419c6c14c46c45698197b558473da07aeb49fb976f5
-
SSDEEP
1536:5EghNQcNcM+8HF2jUZMOdSJcKOT3UMM1Fe8t8fCXRzGJYPnPEAcif1P5RzhRPSU4:5VI8HEjUZMOdSJcVTKGY86c2ntcif1PO
Static task
static1
Behavioral task
behavioral1
Sample
0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a.rtf
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a.rtf
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.folder.ro - Port:
21 - Username:
[email protected] - Password:
R2r76%(3v^H0
Targets
-
-
Target
0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
-
Size
85KB
-
MD5
0a95eb4fe0f14eeb018e0f9488261092
-
SHA1
2a36232c5c469995576bf4cd944d4e0651661a65
-
SHA256
0b04c0f6f1049cccf44f646a51b831684179dde13f7de6c24020fffd653ec90a
-
SHA512
e1d4bda32e7eadc56d2edaf9908a9950b4549bdb67181b94e03a31adf5ce02004d6e15b17a0fef371fe63419c6c14c46c45698197b558473da07aeb49fb976f5
-
SSDEEP
1536:5EghNQcNcM+8HF2jUZMOdSJcKOT3UMM1Fe8t8fCXRzGJYPnPEAcif1P5RzhRPSU4:5VI8HEjUZMOdSJcVTKGY86c2ntcif1PO
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-