General
- Target: bf2fe7c94a2bfdc7c066cdecedfc4b76ded49fd90d8c93b6deeebe777c198c2d
- Size: 757KB
- Sample: 240612-cj7cgsydmg
- MD5: 8bb3c4d2c945a5b91bb1bbe6845b1528
- SHA1: dc78fba7c16e9d12cc1b79f81db12d016b189c5c
- SHA256: bf2fe7c94a2bfdc7c066cdecedfc4b76ded49fd90d8c93b6deeebe777c198c2d
- SHA512: 11fd206dcc448d966581c635bda32ac5072531f8d69f964b1258c49a71dae0100155592e23542707857db639f4c0b9504698512ee5d4de60a2a0d6bb2e2ce71d
- SSDEEP: 12288:tZSKFyn1MMQqC3xQlqjmD/Oi/A1wMb+g14n16NXiACR5leZlN:tZZFy1MMQ93OlqjOf/eSln4piA+er
Static task: static1
Behavioral task: behavioral1
- Sample: bf2fe7c94a2bfdc7c066cdecedfc4b76ded49fd90d8c93b6deeebe777c198c2d.exe
- Resource: win7-20240419-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: ftp
- Host: ftp://ftp.jeepcommerce.rs
- Port: 21
- Username: [email protected]
- Password: Cgn+Udqt0F%y
Targets
- Target: bf2fe7c94a2bfdc7c066cdecedfc4b76ded49fd90d8c93b6deeebe777c198c2d
- Size: 757KB
- MD5: 8bb3c4d2c945a5b91bb1bbe6845b1528
- SHA1: dc78fba7c16e9d12cc1b79f81db12d016b189c5c
- SHA256: bf2fe7c94a2bfdc7c066cdecedfc4b76ded49fd90d8c93b6deeebe777c198c2d
- SHA512: 11fd206dcc448d966581c635bda32ac5072531f8d69f964b1258c49a71dae0100155592e23542707857db639f4c0b9504698512ee5d4de60a2a0d6bb2e2ce71d
- SSDEEP: 12288:tZSKFyn1MMQqC3xQlqjmD/Oi/A1wMb+g14n16NXiACR5leZlN:tZZFy1MMQ93OlqjOf/eSln4piA+er
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.