General
Target: 8c8f6c263d24354338e5d2d50d671a6e529d902be66962dab85932a326477e75
Size: 1019KB
Sample: 240522-xkwbtscg31
MD5: ca82319fef771a184d1f98750e5bbb21
SHA1: 11893474d3fd90f57cde4f16bfc153b4448d1363
SHA256: 8c8f6c263d24354338e5d2d50d671a6e529d902be66962dab85932a326477e75
SHA512: f84517ddb447def1f621a468e442cf5ffd4fdff90a2df35f88df059bfddbd0d4cf336e94b8af5e2cd2ce79cc6c372e20171931deb3af5fdf15f3092e3b7dcd3c
SSDEEP: 24576:NAHnh+eWsN3skA4RV1Hom2KXMmHazXBHMfJ5:sh+ZkldoPK8YazXBHA
Static task: static1
Behavioral task: behavioral1
Sample: 8c8f6c263d24354338e5d2d50d671a6e529d902be66962dab85932a326477e75.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral2
Sample: 8c8f6c263d24354338e5d2d50d671a6e529d902be66962dab85932a326477e75.exe
Resource: win11-20240426-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.midhcodistribuciones.com
Port: 21
Username: [email protected]
Password: ,A7}+JV4KExQ
Targets
Target: 8c8f6c263d24354338e5d2d50d671a6e529d902be66962dab85932a326477e75
Size: 1019KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext