General
Target: a62ac4efd4acf6d04857d8377f2f0a33b6df4effae2a7b5b23e64d949b54aa99
Size: 757KB
Sample: 240612-bw62taxgjr
MD5: 2c9c731d92991999cde88d78cf535b07
SHA1: 320f2bc63a78911a5ba308492a9f0844f0b42dc7
SHA256: a62ac4efd4acf6d04857d8377f2f0a33b6df4effae2a7b5b23e64d949b54aa99
SHA512: 5344c5e1d365455d8b8bec076ba67c5a55b82e5029787a8186b7e9bec9583ac66d0ab1b7260b585d2d58c67e58f80280763a5e3c2e43bc3d5d6caf969a028f04
SSDEEP: 12288:qLRD3HH3DI++tuISqoNNVX3qJBRiWTK1hlsVZoM0V+DkzpEayTuSUxVum:kRjH3DIT8NaBVTKAZoM1Oeai2u
Static task: static1

Behavioral task: behavioral1
Sample: a62ac4efd4acf6d04857d8377f2f0a33b6df4effae2a7b5b23e64d949b54aa99.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: a62ac4efd4acf6d04857d8377f2f0a33b6df4effae2a7b5b23e64d949b54aa99.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.wapination.net
Port: 21
Username: [email protected]
Password: sync@#1235
Targets
Target: a62ac4efd4acf6d04857d8377f2f0a33b6df4effae2a7b5b23e64d949b54aa99
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext