General
Target: 2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321
Size: 1.0MB
Sample: 240612-btm6xsxfjd
MD5: 1ec0eac3165afc1864ad1658834fc9e4
SHA1: 6c355bb6e6013b6f4b2c155bae4cd27a6136c918
SHA256: 2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321
SHA512: 25f19ab91a6d0ec4c0aa0cdfc5ed6853e2cedf502fa655456b3e5f2f850aff413ad5040d817be29c460f0ca4e3c34f6eb37456bfeb70e4309e5b69f28e042407
SSDEEP: 24576:bAHnh+eWsN3skA4RV1Hom2KXcmtcRgUMD2IdiPT5:2h+ZkldoPKsacRgZ1dk
Static task: static1
Behavioral task: behavioral1
  Sample: 2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: u;4z3V.Iir1l
Targets
Target: 2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext