General
Target: 3508ded525f922554785a5b09b9d592c5ce119f498e0183be2993317c1fce1a0
Size: 1.4MB
Sample: 240522-b759nagf7s
MD5: 857bf798ce8d15899e5775102e0e1f05
SHA1: 4762c78cfb7dbae478fcc8fcb4f556b5f7381212
SHA256: 3508ded525f922554785a5b09b9d592c5ce119f498e0183be2993317c1fce1a0
SHA512: 02a45cbce1b606dbd2c1646d0732e0286ea46fe20eccc9822c40f6e0eb7fe092bd2184e82b5d75356437303ee48f591a8338183b38062c3348e43fefa0f6c9ea
SSDEEP: 12288:27x504bFtx504bFWxFbNmB6OWcaVSxZPapPEoJPz7ls1sebSe29myX37/:2w4bjw4b2bO4kxkauC1beTn7
Static task: static1
Behavioral task: behavioral1
Sample: NAROČILNICA I2105024.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: NAROČILNICA I2105024.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.indra-precision.co.th
Port: 21
Username: [email protected]
Password: (8VnO^JKZAew
Extracted
Protocol: ftp
Host: ftp.indra-precision.co.th
Port: 21
Username: [email protected]
Password: (8VnO^JKZAew
Targets
Target: NAROČILNICA I2105024.exe
Size: 844KB
MD5: 32c950ffab59824fb94ee4f5056b3018
SHA1: ec69800f580cff0b5c5882e3cb21911c727b3d10
SHA256: f0e2ca908eb6eee94fb0d1d7abae46e1c9fdd4ebec82c07bdc63bd68e5dbcdf1
SHA512: 0ffdddb196048b4b0d6ae81415ff1799a4557d1f6ca87ad43a4b9e4a1fbfba06c2e1b8d698d7e5770df738610b8c7574562c1f98ac271b2498dfbb42163403f1
SSDEEP: 12288:T7x504bFtx504bFWxFbNmB6OWcaVSxZPapPEoJPz7ls1sebSe29myX37/:nw4bjw4b2bO4kxkauC1beTn7
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.