General
-
Target
4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c
-
Size
555KB
-
Sample
240612-btd81sxerh
-
MD5
0a2551eb9023af662fd2d6caa414bde1
-
SHA1
06df2cd92d0596a7d20893ea1e20ceff7f4bbd20
-
SHA256
4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c
-
SHA512
f6a4e73da1a22d3efa656a8a29753bd6f8fceb3e09fb9f3050593d7074856e5980659fa552159ffb55a67812c9112eb518d2c86db3e632145eb65e740d69ed42
-
SSDEEP
12288:xYV6MorX7qzuC3QHO9FQVHPF51jgcf9uIJt+goefIlbi5Ef:GBXu9HGaVHUUMD2Idi0
Behavioral task
behavioral1
Sample
4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.fosna.net - Port:
21 - Username:
[email protected] - Password:
u;4z3V.Iir1l
Targets
-
-
Target
4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c
-
Size
555KB
-
MD5
0a2551eb9023af662fd2d6caa414bde1
-
SHA1
06df2cd92d0596a7d20893ea1e20ceff7f4bbd20
-
SHA256
4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c
-
SHA512
f6a4e73da1a22d3efa656a8a29753bd6f8fceb3e09fb9f3050593d7074856e5980659fa552159ffb55a67812c9112eb518d2c86db3e632145eb65e740d69ed42
-
SSDEEP
12288:xYV6MorX7qzuC3QHO9FQVHPF51jgcf9uIJt+goefIlbi5Ef:GBXu9HGaVHUUMD2Idi0
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-