General
Target: d04a4d35f420685b9d2c4f8ed2e2f46944894e0a80352f0aab3f4f522e5355fe
Size: 749KB
Sample: 240612-cek9fsycnd
MD5: 8dd9373d457f7ee5be8c225d96959a61
SHA1: c581ca78b6e63595857ec50bed893cc009a8672d
SHA256: d04a4d35f420685b9d2c4f8ed2e2f46944894e0a80352f0aab3f4f522e5355fe
SHA512: f26a89f6d0b06e841302c6625ccaf9f582ad412e8c84014e466a6528ea2ee737f5e201ddb887b454f56e81022d038c242c17e15f6c722660eb89a267f53e14f7
SSDEEP: 12288:N0ZXK+qX83NIpvTjU6lNF584kJTYRvuGWywwzJs35QDe1d6ZH6zhfKt+KfuZ:NsXK+q83NIpvT5lf5847RvuGnwwzJs3h
Static task: static1
Behavioral task: behavioral1
  Sample: PO HOI-2024-055.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: PO HOI-2024-055.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: YeAiGo[)yv#k
Targets
Target: PO HOI-2024-055.exe
Size: 1.0MB
MD5: 1483ef78efe6ae4636ba2888d09ebd8d
SHA1: f7551c0b1583db6a5a5323abb659084d66fa9117
SHA256: 51991927ba3cf9049da35e9104b96129bbff2389c24ccf09b767ddde8dc78b5e
SHA512: 3a47d2463e0433ee5c42f7744718dea4d8d9b71f21f609669f65415f041f4672c2aa66ed13724f683ffbc577a40446c871e73e998da02412f67e76af0182b5cc
SSDEEP: 24576:gg61jjk0LAta9APDIMOzJFvzTwCzTQbbxViUSX8wx2a:hdOzLv/pMbbxVjSXDka
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext