General
Target: c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
Size: 10KB
Sample: 240522-bjgw6afe84
MD5: 334ee6dea87c01c0d4b1804e3f7eed3b
SHA1: 762d2482465dd7a09b97d564e647f5bfd79c17f0
SHA256: c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
SHA512: 6b259f01dee9c933e9d61e6577df149eea3556baad26b47e984182eee52345b14925ad22e59e45617e0fab800e93d23828da7e75195a5614f850bd883ee7a6e8
SSDEEP: 192:UeS/0kJGDkM8GAtgBRol+Au/ClUhjRyQsC0fW/jcV:UeI0kMkM8Btgva+seyhC0fOjcV
Static task: static1
Behavioral task: behavioral1
  Sample: c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c.xlsx
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c.xlsx
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.grupovamex.com
Port: 21
Username: [email protected]
Password: tTgUWMBntHIE
Targets
Target: c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
Size: 10KB
MD5: 334ee6dea87c01c0d4b1804e3f7eed3b
SHA1: 762d2482465dd7a09b97d564e647f5bfd79c17f0
SHA256: c79ea1eb600a853230a52e885317052da2f060c1af6db85bee4e93543933267c
SHA512: 6b259f01dee9c933e9d61e6577df149eea3556baad26b47e984182eee52345b14925ad22e59e45617e0fab800e93d23828da7e75195a5614f850bd883ee7a6e8
SSDEEP: 192:UeS/0kJGDkM8GAtgBRol+Au/ClUhjRyQsC0fW/jcV:UeI0kMkM8Btgva+seyhC0fOjcV
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext