General
Target: bd1dd490ab3f2c5e290eac8df9030c4a11e089440cbf50bd147d172a372845c7
Size: 1017KB
Sample: 240524-bpkj8sgb97
MD5: 9a7522adae60721dee2e0e3650ef9136
SHA1: 14532214ab7cd32811ab6506670c2374742bf548
SHA256: bd1dd490ab3f2c5e290eac8df9030c4a11e089440cbf50bd147d172a372845c7
SHA512: 9a1057e4461559fac52b617680e82ed3f6691b58c64b1e2d02c7075bd7a15166bdc1a57d68b9475c2462eaad04519696b3fde4f9a2ecd00d0e9e0530f63c2b4c
SSDEEP: 24576:AAHnh+eWsN3skA4RV1Hom2KXMmHahqxLca0rJyq75:3h+ZkldoPK8YahqxCES
Static task: static1
Behavioral task: behavioral1
Sample: bd1dd490ab3f2c5e290eac8df9030c4a11e089440cbf50bd147d172a372845c7.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: bd1dd490ab3f2c5e290eac8df9030c4a11e089440cbf50bd147d172a372845c7.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.corpsa.net
Port: 21
Username: [email protected]
Password: -E~O8rekW5UT
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext