General

Target: TACC-RFQ-PI-13_Butterfly valve_Rev.A.pdf.lzh
Size: 626KB
Sample: 240523-ety5zade5x
MD5: eb36a614ae2193be9182dc46691e5371
SHA1: 1e51cd1612c30afcda80c7c77383148991a2be25
SHA256: 9282346dd6dc5b094fbdd4b485d60b771acd1b43cf4530c22d94c362e4a2bef6
SHA512: aa0cf2f77540c72985fa750f9f10477b969008694272b22cd253382cbbf6c4e3378ac53da87c0750dfea5d963d6b4245bd34567ba4f147c0bd11def8cc1fefda
SSDEEP: 12288:I1mXzkKj+SJPYnSdByVQc0UgDwoBY5Xu59vBtXG/rzMq7bHsqKbhU:T4Qze+xc0UgMoq5Xu5PtXG/rQiHuU
Static task: static1

Behavioral task: behavioral1
Sample: TACC-RFQ-PI-13_Butterfly valve_Rev.A.pdf.scr
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: TACC-RFQ-PI-13_Butterfly valve_Rev.A.pdf.scr
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+

Extracted
Protocol: ftp
Host: beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
Targets

Target: TACC-RFQ-PI-13_Butterfly valve_Rev.A.pdf.scr
Size: 885KB
MD5: e0aae0a51770c67455c157cf43d126b7
SHA1: 7367c78689605f68805278b6c432c2647bdc8052
SHA256: a7f1534184bf76301f1bdd6e146dc362f18bfd318bebb3a495909d30ba263d63
SHA512: bccef6d974ffb219ba251992e3f438cc7c90546e4ebb64e6878134bea118be954bfb57962684a0cc0d0762e2cfabe0cf6e95485984202e56a02ffc262f3b8c1b
SSDEEP: 12288:/8ackACQzq9OjFcqRgVeDgNWdnlVuNH+pV+9318vFeszTmRt4wKD2trqEf:/8MAC4quJsesNiH0C+8u4wKD2RqC
Score: 10/10

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext