General
-
Target
f11f93a5776837831393b739472c1b00.bin
-
Size
667KB
-
Sample
240612-dnqe7szbnp
-
MD5
81139d0a9bb2ec0584a43678df679d9b
-
SHA1
224f62afee1729f38b0efc8861dcf5e226601347
-
SHA256
a465c93169799bb54cf47631ce23be8a992528e4fb4bd8a92c90b841f0e8c83a
-
SHA512
8748db700a0b2aaff048da754f23524aa4d926f27221669c6274ed7383e90472385c14e3b5d93f21868a78a77eb544f04c783aefd13d59334659bfbb7033edd8
-
SSDEEP
12288:Olh1H8W+XtXp37t40kaSUYJCNWMQoeEbGBeDGz4/+ZGPnpLKa1tjt/0ZYoZWc9:4z+9XpaJbJC7PKUy1cBLFXAPsu
Static task
static1
Behavioral task
behavioral1
Sample
3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.fosna.net - Port:
21 - Username:
[email protected] - Password:
(=8fPSH$KO_!
Targets
-
-
Target
3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287.exe
-
Size
1.1MB
-
MD5
f11f93a5776837831393b739472c1b00
-
SHA1
bfbc4164cab663ebb8c665b123395f4c5f8be656
-
SHA256
3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287
-
SHA512
cb296c0449ddb742cfaa1c35d404beb6ea3ab7f9d6da7ad0b1143ccec73d26685dc0d9985aea4dfaf44110b75dd5844fac6f15a1e3c776aa8a7af68007494f58
-
SSDEEP
24576:AAHnh+eWsN3skA4RV1Hom2KXMmHa4MylLaqE5:3h+ZkldoPK8Ya4M+Wx
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-