General
-
Target
a6f8570085437405d85d668fb6247a9ede83b7bd2005efbaf6c9fff62ea33203.exe
-
Size
1.5MB
-
Sample
240522-r1bpgaef29
-
MD5
add9f3b243e1b69cc4ba4c336a1cb03a
-
SHA1
edfc85a5010db4c029d987df6df2bbafa9b0fcd6
-
SHA256
a6f8570085437405d85d668fb6247a9ede83b7bd2005efbaf6c9fff62ea33203
-
SHA512
c10d1a96b83eabb9c429abe21c54cb5c59d6f29a0263efb2ecb0c3e1c28d3ba9cb85cabc4b483cdb20e2cad57836f547e7a0538adfabb83be1917c75aa5c38b0
-
SSDEEP
24576:HXEo56LpdQD5tpywgrcZC6rJhgtkxPPAAPx2cAYDphEVvrss4PXtLIfzNmpLLGVz:cCPQnVvoLX8yLKrYWtjxX
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.tekserendustriyel.com - Port:
21 - Username:
[email protected] - Password:
chuzy2024@
Extracted
Protocol: ftp- Host:
ftp.tekserendustriyel.com - Port:
21 - Username:
[email protected] - Password:
chuzy2024@
Targets
-
-
Target
a6f8570085437405d85d668fb6247a9ede83b7bd2005efbaf6c9fff62ea33203.exe
-
Size
1.5MB
-
MD5
add9f3b243e1b69cc4ba4c336a1cb03a
-
SHA1
edfc85a5010db4c029d987df6df2bbafa9b0fcd6
-
SHA256
a6f8570085437405d85d668fb6247a9ede83b7bd2005efbaf6c9fff62ea33203
-
SHA512
c10d1a96b83eabb9c429abe21c54cb5c59d6f29a0263efb2ecb0c3e1c28d3ba9cb85cabc4b483cdb20e2cad57836f547e7a0538adfabb83be1917c75aa5c38b0
-
SSDEEP
24576:HXEo56LpdQD5tpywgrcZC6rJhgtkxPPAAPx2cAYDphEVvrss4PXtLIfzNmpLLGVz:cCPQnVvoLX8yLKrYWtjxX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-