General
Target: 1148-6-0x0000000000E00000-0x0000000000E42000-memory.dmp
Size: 264KB
Sample: 240612-g5qzvasgnb
MD5: db3509b6ed192c1cccb0997dc0aad24c
SHA1: 96962c795d15f33d8886648e03277163737535d4
SHA256: 0ae807dd157e9c5b99a5b6e4a13a193cf5381f1e4db1aa1a7ead5e686b4b1de2
SHA512: 63e2cb52933664ddfccb6a58fd1316454726cb31631073baeda9d55fb446ae162ddf8871aad032185dd562046f8a2c53902eb0caacefe27938b728ebe9d0df4b
SSDEEP: 3072:aQYWwEgsgSh73KAG9ifNZG04jGD5/xh7YXaov:7YWwEgsgSh73KL9ifm04yVb7B
Behavioral task: behavioral1
Sample: 1148-6-0x0000000000E00000-0x0000000000E42000-memory.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1148-6-0x0000000000E00000-0x0000000000E42000-memory.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: Cgn+Udqt0F%y
Extracted
Protocol: ftp
Host: ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: Cgn+Udqt0F%y
Targets
Target: 1148-6-0x0000000000E00000-0x0000000000E42000-memory.dmp
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.