General
-
Target
b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d
-
Size
80KB
-
Sample
240521-b53ezseb73
-
MD5
fe81cc3260673cd3e503ef584176c92e
-
SHA1
f4f53164c7da1534646406978ceda34385f3c485
-
SHA256
b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d
-
SHA512
fb5ad723a85cc1b08ebc4be1acf3e59b2c9a55073e91436a1348e9dfde62b5ddf333f69ec2336c7bcf7b7dbdd0ce7a8e4c3fa6d09aaf1ae8ae19d0d04efb19ff
-
SSDEEP
1536:/IGmXm4zGHvQ6a952dI1BMWjM3CEF/7GmqbMY7usiY9hkp:/MrzLtPPSD7GmCMY7pdkp
Static task
static1
Behavioral task
behavioral1
Sample
b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.antoniomayol.com - Port:
21 - Username:
[email protected] - Password:
cMhKDQUk1{;%
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.antoniomayol.com:21 - Port:
21 - Username:
[email protected] - Password:
cMhKDQUk1{;%
Targets
-
-
Target
b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d
-
Size
80KB
-
MD5
fe81cc3260673cd3e503ef584176c92e
-
SHA1
f4f53164c7da1534646406978ceda34385f3c485
-
SHA256
b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d
-
SHA512
fb5ad723a85cc1b08ebc4be1acf3e59b2c9a55073e91436a1348e9dfde62b5ddf333f69ec2336c7bcf7b7dbdd0ce7a8e4c3fa6d09aaf1ae8ae19d0d04efb19ff
-
SSDEEP
1536:/IGmXm4zGHvQ6a952dI1BMWjM3CEF/7GmqbMY7usiY9hkp:/MrzLtPPSD7GmCMY7pdkp
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-