General
Target: 47e742b319284f94cdfa31df7fdaf5d3a6e4edda95116029238c06cdfd88d946
Size: 639KB
Sample: 240619-cz3n8swgnr
MD5: 54a37ef37fc5f7fae765f026ec1b12a1
SHA1: 209c650a4f10566a77f66b42e1e28ac2ef44739f
SHA256: 47e742b319284f94cdfa31df7fdaf5d3a6e4edda95116029238c06cdfd88d946
SHA512: 78a6abd52a83dff67a2014ea3f0b61083e2e3f93db999d39387109076ef11c76fc8e4d832cce2db995cfaaab1630aa96331ce09b6a01efe425a09a69eff8c88f
SSDEEP: 12288:Q6S2fQ7ORTLD8Wjf4pw1wPOp08vIhtfck6qYAgVjvP8kF:XSyQuTzXw2pvi1cCxY8c
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ#12P Introduction approved vendor.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: RFQ#12P Introduction approved vendor.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: u;4z3V.Iir1l
Targets
Target: RFQ#12P Introduction approved vendor.exe
Size: 1.0MB
MD5: 4b2392f37ab413cb037267617626efed
SHA1: ceb32e52c9292c0f965c1f2a3c61fb3bb95999ff
SHA256: 1dcdee301091e79fda8c1ce30dd1ac39e912aed3720163a23b1f2d688635ceee
SHA512: c63c2b77332b07df4364a302ba366a7faaeec28b184d9a74b21ab69ca1323cb515add9afee9e98a2ee7a138526901d49f3ec39555033f366e8299f340fffb9ec
SSDEEP: 24576:IAHnh+eWsN3skA4RV1Hom2KXMmHanl1rejVV5:Ph+ZkldoPK8Yannej5
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext