General
Target: 8da6aadc3419b96a2b34caf60ef2789cbae62ab30e9c0e9ee310732875135160
Size: 13KB
Sample: 240521-b5rngsee8y
MD5: abd7575a75e2c4251a332f55d7066942
SHA1: 40a4defa872ffb1a72f9e920a7e244f8c098adb0
SHA256: 8da6aadc3419b96a2b34caf60ef2789cbae62ab30e9c0e9ee310732875135160
SHA512: f343fb67bc2f74668b1e1aefb70aed7888edc58430f2d3d80a763d194b7319d2f93805d655c7fdebb5249bfaa248d0cd8cd5c51fe7c36fe6477406b384c68b86
SSDEEP: 384:myO014q2I5xomxJY+DVOkOavf5PcNof45PcNofHIOIp38uGWdvxjzQd5d+mY5f8d:nVNMy1NHegfIGyG331hT1QViV0
Static task: static1
Behavioral task: behavioral1
Sample: 8da6aadc3419b96a2b34caf60ef2789cbae62ab30e9c0e9ee310732875135160.vbs
Resource: win7-20240419-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.lampadari.gr
Port: 21
Username: [email protected]
Password: P8P[uVeJU=vh
Targets
Target: 8da6aadc3419b96a2b34caf60ef2789cbae62ab30e9c0e9ee310732875135160
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext