General
- Target: cd929e302152588c08aee9bc040485888ac84e188564899292b507e8b5139ea7
- Size: 707KB
- Sample: 240519-bek31sab88
- MD5: 21d7a76dbe8b9efd58fdb8adf08a583b
- SHA1: 76cc4a2d1bf50f55323234ac398365efebce130f
- SHA256: cd929e302152588c08aee9bc040485888ac84e188564899292b507e8b5139ea7
- SHA512: ae03c208d7923d73259d53d1700a6d743f838d85cde12a49497c7f07370542519e2edad2bfba6341aabe017fac01bec7de3dcd8f6faf804e3d38bfa152ef26e8
- SSDEEP: 12288:XShZ2iN3skSKSIwFLTXXaKSQT64GJypp3ITkQSfkGb5Fp9cva5kpqxckJvshPQny:XS/19JSNIMPXaKS+6Cp0kXt6va5kpPkE

Static task: static1
Behavioral task: behavioral1
- Sample: cd929e302152588c08aee9bc040485888ac84e188564899292b507e8b5139ea7.exe
- Resource: win7-20240220-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.jeepcommerce.rs
- Port: 21
- Username: [email protected]
- Password: q[0r3BqZHV[u
Targets
- Target: cd929e302152588c08aee9bc040485888ac84e188564899292b507e8b5139ea7
- Size: 707KB
- MD5: 21d7a76dbe8b9efd58fdb8adf08a583b
- SHA1: 76cc4a2d1bf50f55323234ac398365efebce130f
- SHA256: cd929e302152588c08aee9bc040485888ac84e188564899292b507e8b5139ea7
- SHA512: ae03c208d7923d73259d53d1700a6d743f838d85cde12a49497c7f07370542519e2edad2bfba6341aabe017fac01bec7de3dcd8f6faf804e3d38bfa152ef26e8
- SSDEEP: 12288:XShZ2iN3skSKSIwFLTXXaKSQT64GJypp3ITkQSfkGb5Fp9cva5kpqxckJvshPQny:XS/19JSNIMPXaKS+6Cp0kXt6va5kpPkE
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.