General

Target: MV OKTEM AKSOY BALTIC QUESTIONARY.pdf.lzh
Size: 612KB
Sample: 240625-ke5bbsyfrd
MD5: 813dbb5e14f01a78096c8519d643eed7
SHA1: b6094d9c434ecd534abaeb977c773f5a1e20e36e
SHA256: cb6bee68112252d39a6485d5bc3fbcb42d05e6dea374653762558faa5d3d5eab
SHA512: 2522e09a59ee447d840ef21c2ae56f9ae248a9a1a8578097376e93f75aa7d79679657999ced651610ee4e4e7ba0aee419580dede35d833f8181f1181571fee1d
SSDEEP: 12288:/XLuN0O9FRMz4QK/6isVfwMOxBaH/lp5h2OMet2RNDPZ1pK+xnC3RRjgSxPjFBgm:vqBRMzFc6isSMDH3D2OWrZdxC3RRjgSp
Static task: static1

Behavioral task: behavioral1
Sample: MV OKTEM AKSOY BALTIC QUESTIONARY.pdf.scr
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: MV OKTEM AKSOY BALTIC QUESTIONARY.pdf.scr
Resource: win10v2004-20240611-en
Malware Config

Extracted (agenttesla)
Protocol: ftp
Host: ftp://beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+

Extracted
Protocol: ftp
Host: beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
Targets

Target: MV OKTEM AKSOY BALTIC QUESTIONARY.pdf.scr
Size: 659KB
MD5: 94229cfdcc9bc894bf133d544de04277
SHA1: 41308be585e74765f2f4e5acf1efd8665b6c2bd8
SHA256: b605c4eaa917dcea421342a1414949dd7a06449d437e85df123e412dcd4fa6fe
SHA512: 80e7402ab4ab37b860744fd991489e9bee599399a090c4c419bb2454204e126103fa990e6927d469b1ec9369eb414c1447287bf82679749df4c99f0501411d88
SSDEEP: 12288:HOcwtNMG1vvATlPexwIk8HHSmFKyyw5AX6WzTIanMa:uaGYoIAHjF19Co
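The hashes above and the FTP endpoint from the extracted config are the IOCs a responder would actually pivot on. The script below is an added example, not part of the sandbox report: it copies the report's MD5/SHA-1/SHA-256 values and the C2 host/port, checks arbitrary files against them, and correlates DNS answers for beirutrest.com with TCP/21 connections in a simplified, Zeek-style TSV log. The log lines and the 203.0.113.7 address are constructed for the illustration; the FTP username is redacted on the page, so matching is on host and port only.

```python
"""Matching the report's IOCs against files and network logs.

Added example, not part of the sandbox report. The hash values and the
FTP endpoint are copied from the report; the log lines further down are
constructed for illustration in a simplified, Zeek-style TSV layout.
"""
import hashlib

# File hashes from the report: the LZH lure and the .scr payload inside it.
# (SHA-512 and ssdeep are on the page but omitted here; ssdeep needs the
# third-party ssdeep module.)
REPORT_HASHES = {
    "MV OKTEM AKSOY BALTIC QUESTIONARY.pdf.lzh": {
        "md5": "813dbb5e14f01a78096c8519d643eed7",
        "sha1": "b6094d9c434ecd534abaeb977c773f5a1e20e36e",
        "sha256": "cb6bee68112252d39a6485d5bc3fbcb42d05e6dea374653762558faa5d3d5eab",
    },
    "MV OKTEM AKSOY BALTIC QUESTIONARY.pdf.scr": {
        "md5": "94229cfdcc9bc894bf133d544de04277",
        "sha1": "41308be585e74765f2f4e5acf1efd8665b6c2bd8",
        "sha256": "b605c4eaa917dcea421342a1414949dd7a06449d437e85df123e412dcd4fa6fe",
    },
}

# Exfiltration endpoint from the extracted AgentTesla config. The FTP
# username is redacted on the page, so matching is on host and port only.
C2_HOST = "beirutrest.com"
C2_PORT = 21


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a blob, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data: bytes) -> list:
    """Names of report entries whose hashes all agree with this blob."""
    h = hash_bytes(data)
    return [name for name, ref in REPORT_HASHES.items()
            if all(h[algo] == ref[algo] for algo in ref)]


def parse_tsv(text: str) -> list:
    """Parse a log whose '#fields' line names the tab-separated columns."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.strip() and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def find_c2_connections(dns_log: str, conn_log: str) -> list:
    """Resolve C2_HOST from DNS answers, then flag TCP/21 connections to it."""
    c2_ips = set()
    for r in parse_tsv(dns_log):
        if r["query"].lower().rstrip(".") == C2_HOST:
            c2_ips.update(a for a in r["answers"].split(",") if a)
    hits = []
    for r in parse_tsv(conn_log):
        if (r["id.resp_h"] in c2_ips and r["proto"] == "tcp"
                and int(r["id.resp_p"]) == C2_PORT):
            hits.append({"ts": r["ts"], "src": r["id.orig_h"], "dst": r["id.resp_h"]})
    return hits


# Constructed sample logs (not from the report). 203.0.113.7 is a
# documentation address standing in for whatever the host resolved to.
SAMPLE_DNS_LOG = "\n".join([
    "#fields\tts\tid.orig_h\tquery\tanswers",
    "1719316400.1\t10.0.0.5\tbeirutrest.com\t203.0.113.7",
    "1719316401.0\t10.0.0.5\tupdates.example.net\t198.51.100.9",
])
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice",
    "1719316402.3\t10.0.0.5\t49812\t203.0.113.7\t21\ttcp\tftp",
    "1719316403.0\t10.0.0.5\t49813\t198.51.100.9\t443\ttcp\tssl",
    "1719316404.0\t10.0.0.6\t49900\t203.0.113.7\t80\ttcp\thttp",
])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, match_hashes(fh.read()) or "no match")
    for hit in find_c2_connections(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print("FTP to AgentTesla exfil host:", hit)
```

Exact hashes only catch this build; the ssdeep values on the page are what to use for near-duplicate variants (repacked or recompiled), via the ssdeep module's compare function. On the network side, the DNS-to-connection join matters because a conn log only carries the resolved address, and the operator can repoint beirutrest.com at will.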
Score: 10/10

AgentTesla
Agent Tesla is a remote access trojan (RAT) and information stealer written in Visual Basic .NET.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which is included in the data reported back to the operator.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process, after writing into that process's memory, is the step of process hollowing that redirects a suspended child to the injected payload.
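The SetThreadContext signature fires on a call order, not on the single API. The script below is an added example, not part of the sandbox report: it walks a trace of cross-process API calls and reports the (caller, child) pairs that complete the hollowing sequence, spawn suspended, write memory, set context, resume. The trace format is a hypothetical one made up for this illustration, not any real sandbox's log, and the pids and lines are constructed.

```python
"""Flagging the process-hollowing call order behind the report's
"Suspicious use of SetThreadContext" signature.

Added example, not part of the sandbox report. The API-trace format is a
hypothetical one made up for this illustration, not any real sandbox's log.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # CreateProcess creation flag (Windows API constant)

# Hollowing in order: spawn a child suspended, write the payload into it,
# point its main thread at the payload, resume it.
SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text: str) -> list:
    """One call per line: caller_pid<TAB>api<TAB>target_pid<TAB>flags(hex).
    target_pid is the process the call acts on (the new child for CreateProcess)."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        caller, api, target, flags = line.split("\t")
        events.append({"caller": int(caller), "api": api,
                       "target": int(target), "flags": int(flags, 16)})
    return events


def find_hollowing(events: list) -> list:
    """(caller_pid, target_pid) pairs that complete SEQUENCE in order.
    Only a CreateProcess with CREATE_SUSPENDED starts a chain; unrelated
    calls in between (VirtualAllocEx, NtUnmapViewOfSection) are ignored."""
    progress = defaultdict(int)  # (caller, target) -> next expected step
    hits = []
    for e in events:
        key = (e["caller"], e["target"])
        step = progress[key]
        if step >= len(SEQUENCE):
            continue
        expected = SEQUENCE[step]
        if e["api"] != expected:
            continue
        if expected == "CreateProcess" and not e["flags"] & CREATE_SUSPENDED:
            continue
        progress[key] = step + 1
        if progress[key] == len(SEQUENCE):
            hits.append(key)
    return hits


# Constructed trace: pid 1234 hollows its child 5678; pid 2000 spawns a
# child normally and touches its context without writing code into it.
SAMPLE_TRACE = "\n".join([
    "# caller\tapi\ttarget\tflags",
    "1234\tCreateProcess\t5678\t0x4",
    "1234\tNtUnmapViewOfSection\t5678\t0x0",
    "1234\tVirtualAllocEx\t5678\t0x0",
    "1234\tWriteProcessMemory\t5678\t0x0",
    "1234\tSetThreadContext\t5678\t0x0",
    "1234\tResumeThread\t5678\t0x0",
    "2000\tCreateProcess\t2001\t0x0",
    "2000\tSetThreadContext\t2001\t0x0",
    "2000\tResumeThread\t2001\t0x0",
])

if __name__ == "__main__":
    for caller, target in find_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"process hollowing: pid {caller} -> child pid {target}")
```

Debuggers and some legitimate tooling also call SetThreadContext, which is why the sandbox rates the API as suspicious rather than conclusive; requiring the suspended spawn and the memory write before it, as above, is what separates hollowing from those cases.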