General
Target: 30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513
Size: 1.0MB
Sample: 240612-brerrsxeqj
MD5: f4b27282b2b52ba3550e2cf48ed5d098
SHA1: 48f88ed37fc4f27c791dfa09c1c33f23b493704b
SHA256: 30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513
SHA512: 2bec9b28c6694c9455af79397a19446dec688e2b7014ab7381055cf31331ef4d9339978653ca289ddd4adda3402bc3b6be9d98dcaa47c0befd4c847cf6d081dd
SSDEEP: 24576:sAHnh+eWsN3skA4RV1Hom2KXMmHa2SSaqhFi/5:Lh+ZkldoPK8Ya2SSphY
Static task: static1
Behavioral task: behavioral1
  Sample: 30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: u;4z3V.Iir1l
Targets
Target: 30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513
Size and hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; the configuration extracted from this sample exfiltrates over FTP to the host listed above.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is a common step in process hollowing and thread hijacking (pointing a suspended thread at an injected payload before resuming it). The signature flags the call itself, not a confirmed injection.
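The extracted configuration and the external-IP lookup signature above translate directly into network indicators. The following is an added example, not code from the Triage report or from Agent Tesla: it parses the report's "Key: value" configuration block, derives the C2 host and port, correlates constructed Zeek-style dns.log and conn.log lines to flag FTP control-channel connections to that host, and flags queries to external-IP lookup services. The log lines, the RFC 5737 addresses in them, and the list of IP-lookup domains are assumptions made for the example; the report names neither the lookup service nor any resolved address, and the username is shown redacted on the page, so it is parsed but not used as an indicator.

```python
"""
Added example, not part of the Triage report or of Agent Tesla itself:
turn the extracted FTP configuration into network indicators and run
them over constructed Zeek-style dns.log / conn.log lines, also flagging
the external-IP lookup that the report's signature describes.
"""
from urllib.parse import urlparse

# The configuration as the report prints it.  The username appears as
# "[email protected]" (redacted) on the page, so it is parsed but never
# used as an indicator.
EXTRACTED_CONFIG = """\
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: u;4z3V.Iir1l
"""

# External-IP lookup services commonly queried by stealers.  This list is
# an assumption for the example; the report does not name the service.
IP_LOOKUP_DOMAINS = {"checkip.dyndns.org", "api.ipify.org",
                     "icanhazip.com", "ipinfo.io"}

# Constructed dns.log lines: ts, uid, src, query, answers (comma separated).
# Addresses are taken from the RFC 5737 documentation ranges.
DNS_LOG = [
    "1718200001.10\tCx1\t10.0.0.5\tftp.fosna.net\t203.0.113.7",
    "1718200002.20\tCx2\t10.0.0.5\tcheckip.dyndns.org\t198.51.100.4",
    "1718200003.30\tCx3\t10.0.0.9\twww.example.com\t192.0.2.10",
]
# Constructed conn.log lines: ts, uid, src, sport, dst, dport, proto.
CONN_LOG = [
    "1718200004.40\tCy1\t10.0.0.5\t49152\t203.0.113.7\t21\ttcp",
    "1718200005.50\tCy2\t10.0.0.9\t49153\t192.0.2.10\t443\ttcp",
    "1718200006.60\tCy3\t10.0.0.5\t49154\t203.0.113.7\t21\ttcp",
]


def parse_config(text):
    """Parse 'Key: value' lines into a dict with lower-cased keys.
    partition() splits on the first colon only, so 'ftp://...' survives."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def indicators_from_config(cfg):
    """Derive C2 host and port.  The report gives the host as a URL and the
    port on its own line: prefer a port inside the URL, then the Port
    field, then FTP's default of 21."""
    host = cfg["host"]
    port = None
    if "://" in host:
        parsed = urlparse(host)
        host, port = parsed.hostname, parsed.port
    if port is None:
        port = int(cfg.get("port", 21))
    return {"protocol": cfg.get("protocol", "").lower(),
            "c2_host": host.lower(), "c2_port": port}


def resolve_from_dns_log(dns_lines, hostname):
    """Collect the answers dns.log recorded for hostname."""
    ips = set()
    for line in dns_lines:
        _ts, _uid, _src, query, answers = line.split("\t")
        if query.lower() == hostname:
            ips.update(a for a in answers.split(",") if a)
    return ips


def flag_ip_lookups(dns_lines):
    """(uid, src, query) for every query to a known external-IP service."""
    hits = []
    for line in dns_lines:
        _ts, uid, src, query, _answers = line.split("\t")
        if query.lower() in IP_LOOKUP_DOMAINS:
            hits.append((uid, src, query))
    return hits


def flag_c2_connections(conn_lines, c2_ips, c2_port):
    """(uid, src, dst, dport) for connections to a C2 address on the C2 port.
    Only the FTP control channel is matched; passive-mode data transfers
    use a separate high port and are not caught by the port check."""
    hits = []
    for line in conn_lines:
        _ts, uid, src, _sport, dst, dport, _proto = line.split("\t")
        if dst in c2_ips and int(dport) == c2_port:
            hits.append((uid, src, dst, int(dport)))
    return hits


def run(dns_lines=DNS_LOG, conn_lines=CONN_LOG):
    """Parse the config, resolve the C2 host through dns.log, scan conn.log."""
    cfg = parse_config(EXTRACTED_CONFIG)
    ind = indicators_from_config(cfg)
    c2_ips = resolve_from_dns_log(dns_lines, ind["c2_host"])
    return {
        "indicators": ind,
        "c2_ips": sorted(c2_ips),
        "c2_connections": flag_c2_connections(conn_lines, c2_ips, ind["c2_port"]),
        "ip_lookups": flag_ip_lookups(dns_lines),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

Two caveats when using this against real traffic: FTP on port 21 is plaintext, so the password from the configuration (and anything the stealer uploads) is visible on the wire and can be matched directly by a content-inspecting sensor, whereas the flow-level check here only sees the control channel and relies on the dns.log correlation to catch passive-mode data connections on other ports; and the IP-lookup domains are legitimate services with benign callers, so that hit is corroborating evidence next to the C2 match rather than a standalone alert.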