General

Target: 6ec658dd8c9d8a53c0ece696d9a470b0fbf05bb45d6d40be166b0dfe9e194ada
Size: 851KB
Sample: 240612-cby15sycja
MD5: ac7558e1e90836a93695943cb87920fa
SHA1: 37068aef026f3032d92d887c1400d5bc6b564507
SHA256: 6ec658dd8c9d8a53c0ece696d9a470b0fbf05bb45d6d40be166b0dfe9e194ada
SHA512: 85c51621c69c7de5050a370c03f3b633c1a28524c5c65fec0b8435f2ed906cb6c6c5ca0e7425bd2cb40c50ced385f30ed64f6721b541736d9ee15d1954c72bda
SSDEEP: 24576:Fg61jjk0LAta9A1DIhjofqXifXCTR4uNl:2wSfSjNl
Static task: static1

Behavioral task: behavioral1
Sample: 6ec658dd8c9d8a53c0ece696d9a470b0fbf05bb45d6d40be166b0dfe9e194ada.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 6ec658dd8c9d8a53c0ece696d9a470b0fbf05bb45d6d40be166b0dfe9e194ada.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
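The extracted configuration is the most actionable part of this report: the FTP host, port and credentials are the stealer's exfiltration channel, and because FTP authenticates in cleartext the same credentials are visible on the wire. The following is an added example (not Hatching Triage's code and not the sample's own) that parses the Malware Config block as the page renders it into a structured object, then matches the resulting indicators against constructed network log lines and a constructed FTP control-channel capture. The username is used exactly as the page shows it, in obfuscated form; in real use substitute the actual value.

```python
"""Turn the report's extracted AgentTesla config into IOCs and match them against logs.

Added example; not code from Hatching Triage, and not from the sample.
CONFIG_TEXT reproduces the Malware Config block as the page renders it,
with the username as obfuscated there; the network log lines and the
FTP control-channel lines below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

CONFIG_TEXT = """agenttesla
Protocol: ftp- Host:
ftp://beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+"""

# One "Key: value" per field; the page runs the fields together with " - ".
FIELD_RE = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s+\w+:|\Z)")


@dataclass(frozen=True)
class ExfilConfig:
    family: str
    protocol: str
    host: str  # bare hostname, URL scheme stripped
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse the run-on 'Key: value - Key: value' block into a dataclass."""
    family, _, body = text.strip().partition("\n")
    flat = " ".join(body.split())  # collapse the line breaks the page inserted
    fields: Dict[str, str] = {k.lower(): v.strip() for k, v in FIELD_RE.findall(flat)}
    host = fields["host"]
    if "://" in host:  # the Host field carries a URL scheme on the page
        host = urlparse(host).hostname or host
    return ExfilConfig(family.strip(), fields["protocol"], host, int(fields["port"]),
                       fields["username"], fields["password"])


# Constructed key=value network log lines (DNS and connection records).
LOG_LINES = [
    "2024-06-12T09:14:01Z dns host=WS-017 query=beirutrest.com type=A",
    "2024-06-12T09:14:03Z conn host=WS-017 proto=tcp dst=beirutrest.com dport=21 service=ftp",
    "2024-06-12T09:14:09Z conn host=WS-017 proto=tcp dst=beirutrest.com dport=443 service=ssl",
    "2024-06-12T09:15:00Z conn host=WS-020 proto=tcp dst=ftp.example.org dport=21 service=ftp",
]

# Constructed FTP control-channel lines as a network sensor would see them.
FTP_CONTROL = [
    "220 FTP server ready.",
    "USER [email protected]",
    "331 Password required.",
    "PASS 9yXQ39wz(uL+",
    "230 Login successful.",
    "PASV",
]


def network_hits(cfg: ExfilConfig, lines: List[str]) -> List[str]:
    """Return log lines touching the exfil host, labelled by whether the configured port was used."""
    # Match the host or any subdomain of it, but not a longer name that merely ends the same way.
    host_re = re.compile(r"(?<![\w-])" + re.escape(cfg.host) + r"(?![\w-])")
    hits = []
    for line in lines:
        if not host_re.search(line):
            continue
        m = re.search(r"\bdport=(\d+)", line)
        label = "exfil-channel" if m and int(m.group(1)) == cfg.port else "host-contact"
        hits.append(f"{label}: {line}")
    return hits


def ftp_credential_hits(cfg: ExfilConfig, control_lines: List[str]) -> List[str]:
    """FTP authenticates in cleartext, so the extracted USER/PASS can be matched on the wire."""
    wanted = {f"USER {cfg.username}", f"PASS {cfg.password}"}
    return [line for line in control_lines if line.strip() in wanted]


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    for hit in network_hits(cfg, LOG_LINES):
        print(hit)
    for hit in ftp_credential_hits(cfg, FTP_CONTROL):
        print("credential on wire:", hit)
```

A contact with the host on a port other than the configured one is still reported, only at lower confidence, since the same host may serve other purposes; the credential match is the strongest single indicator because the password string is unlikely to appear anywhere else.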
Targets

Target: 6ec658dd8c9d8a53c0ece696d9a470b0fbf05bb45d6d40be166b0dfe9e194ada
Size: 851KB
MD5: ac7558e1e90836a93695943cb87920fa
SHA1: 37068aef026f3032d92d887c1400d5bc6b564507
SHA256: 6ec658dd8c9d8a53c0ece696d9a470b0fbf05bb45d6d40be166b0dfe9e194ada
SHA512: 85c51621c69c7de5050a370c03f3b633c1a28524c5c65fec0b8435f2ed906cb6c6c5ca0e7425bd2cb40c50ced385f30ed64f6721b541736d9ee15d1954c72bda
SSDEEP: 24576:Fg61jjk0LAta9A1DIhjofqXifXCTR4uNl:2wSfSjNl
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access trojan and information stealer: it harvests saved credentials and keystrokes from the infected host and sends them out over SMTP, FTP, HTTP or Telegram. This sample is configured for FTP (see Malware Config above).

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The lookup itself is benign and is part of the stealer's host-profiling step, so treat it as a supporting indicator rather than evidence on its own.

Suspicious use of SetThreadContext
The signature fires on the API call alone. SetThreadContext rewrites a thread's register state and is most often seen as the entry-point redirect step of process hollowing (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child, SetThreadContext on its primary thread, ResumeThread). Confirm against the process tree and a memory dump of the suspended child rather than against the call by itself.
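To show what separates a hollowing chain from an innocuous SetThreadContext call, here is an added example (not Hatching Triage's code and not taken from this sample) that walks a constructed API trace and reports a suspended child only when the creating process wrote into it, re-pointed its primary thread and resumed it. The trace format, one call per line as `<caller pid> <api>(k=v, ...) -> k=v ...` with handles already resolved to pid/tid, is an assumption of the example, as are the process names and addresses in it.

```python
"""Flag the process-hollowing call chain around SetThreadContext.

Added example, not code from Hatching Triage or from the sample. The
Triage signature fires on the SetThreadContext call alone; this walks a
constructed API trace and reports a process only when the whole chain is
present: CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the
child, SetThreadContext on its primary thread, ResumeThread. Trace lines
are assumed normalised as "<caller pid> <api>(k=v, ...) -> k=v ..." with
handles already resolved to pid/tid.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004  # Win32 dwCreationFlags bit

CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*?)\)(?:\s*->\s*(?P<ret>.*))?$")
KV_RE = re.compile(r"(\w+)=([^,\s)]+)")


@dataclass
class SuspendedChild:
    creator: int
    pid: int
    tid: int
    unmapped: bool = False
    writes: int = 0
    context_set: bool = False
    resumed: bool = False

    def is_hollowed(self) -> bool:
        # Unmapping the original image is typical but optional (some loaders
        # overwrite in place), so it only raises confidence; the core chain is
        # write into the child + SetThreadContext + ResumeThread.
        return self.writes > 0 and self.context_set and self.resumed


def parse_call(line: str) -> Optional[Tuple[int, str, Dict[str, str], Dict[str, str]]]:
    """Split one trace line into (caller pid, api name, args, return values)."""
    m = CALL_RE.match(line)
    if not m:
        return None
    return (int(m["pid"]), m["api"], dict(KV_RE.findall(m["args"])),
            dict(KV_RE.findall(m["ret"] or "")))


def find_hollowing(trace: List[str]) -> List[SuspendedChild]:
    """Return suspended children that their creator wrote into, re-pointed and resumed."""
    by_pid: Dict[int, SuspendedChild] = {}
    by_tid: Dict[int, SuspendedChild] = {}
    for line in trace:
        parsed = parse_call(line)
        if parsed is None:
            continue
        caller, api, args, ret = parsed
        if api.startswith("CreateProcess"):
            flags = int(args.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and "pid" in ret and "tid" in ret:
                child = SuspendedChild(caller, int(ret["pid"]), int(ret["tid"]))
                by_pid[child.pid] = child
                by_tid[child.tid] = child
            continue
        if "pid" in args:
            target = by_pid.get(int(args["pid"]))
        elif "tid" in args:
            target = by_tid.get(int(args["tid"]))
        else:
            target = None
        if target is None or target.creator != caller:
            continue  # not a process we saw created suspended by this caller
        if api == "NtUnmapViewOfSection":
            target.unmapped = True
        elif api == "WriteProcessMemory":
            target.writes += 1
        elif api.endswith("SetThreadContext"):
            target.context_set = True
        elif api.endswith("ResumeThread"):
            target.resumed = True
    return [c for c in by_pid.values() if c.is_hollowed()]


# Constructed trace: one hollowing chain (1234 -> 5678), one launcher that
# starts a child suspended and simply resumes it (4444 -> 4445), and a
# SetThreadContext on a thread that was never created suspended (2222).
TRACE = [
    "1234 CreateProcessW(lpApplicationName=C:\\Temp\\host.exe, dwCreationFlags=0x00000004) -> pid=5678 tid=5679",
    "1234 NtUnmapViewOfSection(pid=5678, base=0x400000)",
    "1234 VirtualAllocEx(pid=5678, addr=0x400000, size=0x1a000, protect=PAGE_EXECUTE_READWRITE)",
    "1234 WriteProcessMemory(pid=5678, addr=0x400000, size=0x400)",
    "1234 WriteProcessMemory(pid=5678, addr=0x401000, size=0x19000)",
    "1234 SetThreadContext(tid=5679, Eax=0x4012a0)",
    "1234 ResumeThread(tid=5679)",
    "4444 CreateProcessW(lpApplicationName=C:\\Temp\\tool.exe, dwCreationFlags=0x00000004) -> pid=4445 tid=4446",
    "4444 ResumeThread(tid=4446)",
    "2222 OpenThread(tid=3333)",
    "2222 SetThreadContext(tid=3333, Eip=0x77aa1234)",
]

if __name__ == "__main__":
    for c in find_hollowing(TRACE):
        print(f"process hollowing: pid {c.creator} -> {c.pid} (tid {c.tid}), "
              f"writes={c.writes}, unmapped={c.unmapped}")
```

The two negative cases matter as much as the positive one: launchers and debuggers legitimately create suspended processes or call SetThreadContext, and a detector keyed on either call alone produces the noise this signature's "suspicious" wording hints at. Requiring the write into the child and the resume from the same caller removes both.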