General
Target: b6ea9b4213f10cb86cd86b59fe6994766bb905ee6071829fd69179510721b9e5
Size: 1.2MB
Sample: 240604-b151bahe55
MD5: 2d316e17e6ad0666629f7ac64dcee335
SHA1: 655c29d8b7b1c37b596b5f3b76a6e0a64ce5727f
SHA256: b6ea9b4213f10cb86cd86b59fe6994766bb905ee6071829fd69179510721b9e5
SHA512: 973dce112c56e43e363e4d626a30ab50216f0422e02c8c5254072f87390513efcb61c8dd402f60f889b53f4f30b9f028624290d8ed9c1b77af3a3db702a69f28
SSDEEP: 12288:Wo9Kt/rFfatK/yQJGUEybrmnR9JHVaJX1hMoNNdQDh3a1z9GDALTj6Bi+1hcAkCc:H9KN5itYRIL7LSvhMwNdQKZR0x1CO
Static task: static1
Behavioral task: behavioral1
Sample: 64400398 M-08177-MM-24.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.klptruck.hu
Port: 21
Username: [email protected]
Password: kCu}[Z7z+)S[

Extracted: agenttesla
Protocol: ftp
Host: ftp.klptruck.hu
Port: 21
Username: [email protected]
Password: kCu}[Z7z+)S[
Targets
Target: 64400398 M-08177-MM-24.exe
Size: 706KB
MD5: 7d4864ff5549a237a00bf9f48175960c
SHA1: 2efc4551b6b4e849b1bb5d8342a7777c42bf1641
SHA256: a815b9dc9f3752c4bde423ed58b020cc7ef37a14fc18b71de803cb2ac3cde584
SHA512: 556cb44837db58cb9218c5ca983b9fa9eec21f67777422a178183d338cf0c26df031867b932713ba562ace137edb79a230c1e948542edc6b1acefc65125f5806
SSDEEP: 12288:Eo9Kt/rFfatK/yQJGUEybrmnR9JHVaJX1hMoNNdQDh3a1z9GDALTj6Bi+1hcAkCc:p9KN5itYRIL7LSvhMwNdQKZR0x1CO
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext