General
Target: 3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7
Size: 705KB
Sample: 240523-bsehdsgd6z
MD5: 8d599a2ceba45b59bd4918c6699b94ee
SHA1: a5943b4d3c04200cf27216cb7b985db537b9e6c0
SHA256: 3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7
SHA512: 55ba1dd1e372cb58bd64e162f634350bab40f8f737c00f26a92faf0b6b1f693f0f0f93474f759bebd572b05acc1ee1f5a6f23c8328b7cee8d741612c472d41fb
SSDEEP: 12288:ux1bAPIvJc0gPU0OjtdkL54aQj+kSci8JArPoPv2RnOFdYMjhvPie/rByY77777z:ux1AsJcm02dkCTj+k7vJAMPv2FOFdYMH
Static task: static1
Behavioral task: behavioral1
Sample: 3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: -GN,s*KH{VEhPmo)+f
Extracted
Protocol: ftp
Host: ftp.elquijotebanquetes.com
Port: 21
Username: [email protected]
Password: -GN,s*KH{VEhPmo)+f
Targets
Target: 3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.