General
-
Target
1b836888dacc8feeddae02ee6b7451b13450c8b01df32a9cbb3401d6549f0006
-
Size
693KB
-
Sample
240612-b7fzrsybja
-
MD5
5b289698231b48cb0762ff5ad0dc0b39
-
SHA1
8061af867135a6b7aa2620dbeba27f470c871d61
-
SHA256
1b836888dacc8feeddae02ee6b7451b13450c8b01df32a9cbb3401d6549f0006
-
SHA512
bbca22a2114e9efb923e8f32480b7b532adfa14398f61e15ff888c4b572858b64d6614ae3c91b7582a5da8da9078bfcef347cb84cfae60e728201524b862a0fd
-
SSDEEP
12288:0W/RA5STkep6Mlqnl3LkcBDVXFamBD/UFHn0JkrBSxF6w7RTIYCNp:0Mm5SH6MIl3LkGDhsmD/U0yO7xItNp
Static task
static1
Behavioral task
behavioral1
Sample
1b836888dacc8feeddae02ee6b7451b13450c8b01df32a9cbb3401d6549f0006.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1b836888dacc8feeddae02ee6b7451b13450c8b01df32a9cbb3401d6549f0006.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.svetigeorgije.co.rs - Port:
21 - Username:
[email protected] - Password:
4c5H&b2whkD9
Targets
-
-
Target
1b836888dacc8feeddae02ee6b7451b13450c8b01df32a9cbb3401d6549f0006
-
Size
693KB
-
MD5
5b289698231b48cb0762ff5ad0dc0b39
-
SHA1
8061af867135a6b7aa2620dbeba27f470c871d61
-
SHA256
1b836888dacc8feeddae02ee6b7451b13450c8b01df32a9cbb3401d6549f0006
-
SHA512
bbca22a2114e9efb923e8f32480b7b532adfa14398f61e15ff888c4b572858b64d6614ae3c91b7582a5da8da9078bfcef347cb84cfae60e728201524b862a0fd
-
SSDEEP
12288:0W/RA5STkep6Mlqnl3LkcBDVXFamBD/UFHn0JkrBSxF6w7RTIYCNp:0Mm5SH6MIl3LkGDhsmD/U0yO7xItNp
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-