General
Target: 30052024_1400_28052024_20240528009490901.7z
Size: 604KB
Sample: 240530-ra5vmaca98
MD5: 54ad9d17b4cd97a65f6f32e21f6af1da
SHA1: 50c1263bf183158e5a6fe8ae644de249d8d8f4db
SHA256: 9f78187cb5c9ba95484e1304fa4b3aa4fee3f8739dc4f630ff57cbe26302b025
SHA512: 6e1f706c5abe9562841036017caf47b311dc15c52efa4ee0fae0aa0acfd9ffd179609d7f01fefe7ad6bbbf59250d323fd258f08af8a111abb8d4c79a75d008e7
SSDEEP: 12288:1d+48p3MTNkRhO8sgJuoLgTUYC7M5qg5brJ15roEjRPjjN2Awce:3+Je8O8fiTV/q4rJ15Vh12ue
Static task: static1
Behavioral task: behavioral1
Sample: 20240528009490901.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 20240528009490901.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.tekserendustriyel.com
Port: 21
Username: [email protected]
Password: chuzy2024@
Targets
Target: 20240528009490901.exe
Size: 632KB
MD5: 1cd639f59b5542c6039017ae411576b9
SHA1: 73b455677ed8eeeb1889353f6c44cfbd798ddf2d
SHA256: abab70a9bc9ed4996f66228fcfbd472a1fbbee16f2fc3632c90f0141e2e591aa
SHA512: 8537a828b9556e0c7a1b6fdfdd8314b2a55177b0d1b12ae6c6a463e25e2200ef98567bdda96acee0a4f9bec06612237cb08dfbf5668a54288c0452a0680f4e85
SSDEEP: 12288:FiC3MTNklUBNhg28oUgTyYCWM51z4wyJ1MmmijaPjbN2ddcD:IXfBNpHTnk1DyJ1MeO12YD
Score: 10/10
AgentTesla
Agent Tesla is a .NET (originally Visual Basic .NET) information stealer and remote access tool (RAT). This build exfiltrates over FTP to the host in the extracted config above.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address; the report does not name which service this sample contacted.
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a thread, normally a suspended one in another process. Outside of debuggers it is mostly seen in process-hollowing (RunPE) loaders, which start a process suspended, replace its image with the payload and point the thread's entry point at it before resuming. The report flags the call but does not say which process was the target.
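The following is an added example, not part of the sandbox report: it turns the extracted FTP configuration and the two file hashes above into indicators and matches them against log lines. The log lines are constructed for illustration (a key=value firewall/proxy style plus an EDR-style process-creation record with a SHA-256), and the list of IP lookup hosts is an assumption, since the report does not name the service this sample used. The FTP username and password are left out on purpose; the hostname and port are enough for network matching.

```python
"""Added example (not from the report): Agent Tesla IOC matching over constructed logs."""
import re
from urllib.parse import urlparse

# Values copied from the report above (credentials deliberately omitted).
AGENTTESLA_CONFIG = {"protocol": "ftp", "host": "ftp://ftp.tekserendustriyel.com", "port": 21}
SAMPLE_HASHES = {
    "9f78187cb5c9ba95484e1304fa4b3aa4fee3f8739dc4f630ff57cbe26302b025":
        "30052024_1400_28052024_20240528009490901.7z",
    "abab70a9bc9ed4996f66228fcfbd472a1fbbee16f2fc3632c90f0141e2e591aa":
        "20240528009490901.exe",
}
# Assumption: common external-IP lookup services; the report does not say which one was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Constructed log lines for illustration; they are not from the report.
LOG_LINES = [
    "2024-05-30T14:02:11Z proto=tcp src=10.0.0.15 dst_host=api.ipify.org dport=80 action=allow",
    "2024-05-30T14:02:13Z proto=tcp src=10.0.0.15 dst_host=ftp.tekserendustriyel.com dport=21 action=allow",
    "2024-05-30T14:02:14Z proto=tcp src=10.0.0.15 dst_host=update.example.org dport=443 action=allow",
    "2024-05-30T14:01:58Z event=process_create image=C:\\Users\\u\\Downloads\\20240528009490901.exe "
    "sha256=abab70a9bc9ed4996f66228fcfbd472a1fbbee16f2fc3632c90f0141e2e591aa",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def c2_host(config):
    """Return the bare, lower-cased hostname from the config's Host field (scheme stripped)."""
    host = config["host"]
    parsed = urlparse(host if "://" in host else config["protocol"] + "://" + host)
    return parsed.hostname


def parse_line(line):
    """Split a line into its leading timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def match_line(line, config=AGENTTESLA_CONFIG, hashes=SAMPLE_HASHES):
    """Return a list of (indicator, detail) hits for one log line."""
    f = parse_line(line)
    hits = []
    host = f.get("dst_host", "").lower()
    if host and host == c2_host(config):
        # Match on host regardless of port; report the observed port for triage.
        hits.append(("agenttesla_ftp_c2", f"{host}:{f.get('dport', '?')}"))
    elif host in IP_LOOKUP_HOSTS:
        hits.append(("external_ip_lookup", host))
    sha = f.get("sha256", "").lower()
    if sha in hashes:
        hits.append(("known_sample_hash", hashes[sha]))
    return hits


def scan(lines):
    """Run match_line over every line; returns [(line, (indicator, detail)), ...]."""
    return [(line, hit) for line in lines for hit in match_line(line)]


if __name__ == "__main__":
    for line, hit in scan(LOG_LINES):
        print(hit[0], hit[1])
```

The external-IP lookup is only a weak signal on its own, since plenty of legitimate software does the same; it is the FTP connection to the configured host, or the known hash on a process-creation event, that should page someone.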