General
-
Target
MV SEVKETTIN SONAY_VSL's DESC.DOC.lzh
-
Size
645KB
-
Sample
240625-smp6dazgjk
-
MD5
2ffe5462be18f98940bc935f6fd7f81c
-
SHA1
91bf6f80de8b69e9e06195b3a3482eefbc355e7e
-
SHA256
44b8cbccdfd862899d4d5825e10389d7daa49fbab25d18b50c593a9a81d3d9d0
-
SHA512
086a46854d327ddbbb30c729f317c0003916e31071b731895e1a6d6628331151ac1d1594058d583e99a9e06fa62c2e844b69c8d51338977667059783c1e3031f
-
SSDEEP
12288:JA7NTmGY2E80cN1oZnaQuIOL/7kh29Un8SH9yjrsjhmVromQS3GIc0Do:JE9mMZoZaQuIgkh2WnTWeo0HSWIc3
Static task
static1
Behavioral task
behavioral1
Sample
MV SEVKETTIN SONAY_VSL's DESC.DOC.scr
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MV SEVKETTIN SONAY_VSL's DESC.DOC.scr
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
Extracted
Protocol: ftp
Host: beirutrest.com
Port: 21
Username: [email protected]
Password: 9yXQ39wz(uL+
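The extracted configuration is the most actionable part of this report: Agent Tesla uses the account above to push stolen credentials over FTP, so the host, port and password are direct indicators. The following is an added example (not Tria.ge code and not from the sample) that parses the report's flattened "Key: value - Key: value" config block into a record and then checks FTP control-channel log lines for a login with those credentials. The log lines and their format are constructed for the example; the username field is used exactly as it is printed in the report.

```python
"""Parse the Agent Tesla FTP config block and hunt for its login in FTP logs.
Added example: not Tria.ge code; log lines and their layout are constructed."""
import re
from dataclasses import dataclass

# Config block copied in the report's flattened "Key: value - Key:" layout.
CONFIG_TEXT = """Protocol: ftp- Host:
ftp://beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+"""


@dataclass(frozen=True)
class FtpC2:
    host: str
    port: int
    username: str
    password: str


def parse_agenttesla_ftp_config(text: str) -> FtpC2:
    """Turn the flattened config text into an FtpC2 record.

    Values run from 'Key:' up to the next ' - Key:' separator (or end of text),
    so a password containing '-' would be split; none of the values here do.
    """
    flat = " ".join(text.split())
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", flat)
    cfg = {k.lower(): v.strip() for k, v in pairs}
    host = cfg["host"]
    if host.startswith("ftp://"):          # first extraction carries the scheme
        host = host[len("ftp://"):]
    return FtpC2(host.rstrip("/"), int(cfg["port"]), cfg["username"], cfg["password"])


# Constructed FTP control-channel log lines (TEST-NET addresses), one command each.
FTP_LOG = """\
2024-06-25T10:01:02Z 10.0.0.15:49812 -> 203.0.113.10:21 USER [email protected]
2024-06-25T10:01:02Z 10.0.0.15:49812 -> 203.0.113.10:21 PASS 9yXQ39wz(uL+
2024-06-25T10:01:03Z 10.0.0.15:49812 -> 203.0.113.10:21 STOR PW_host-WORKSTATION_2024_06_25.html
2024-06-25T10:05:44Z 10.0.0.22:51000 -> 198.51.100.7:21 USER anonymous
2024-06-25T10:05:44Z 10.0.0.22:51000 -> 198.51.100.7:21 PASS guest@
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+"
    r"(?P<cmd>[A-Z]+)\s*(?P<arg>.*)$"
)


def find_exfil_sessions(log: str, c2: FtpC2) -> list[dict]:
    """Return sessions (keyed by source socket) whose USER/PASS pair matches the
    C2 credentials on the C2 port, with any files uploaded (STOR) afterwards."""
    sessions: dict[str, dict] = {}
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        s = sessions.setdefault(m["src"], {"dst": m["dst"], "port": int(m["port"]),
                                           "user": None, "pass_ok": False, "uploads": []})
        if m["cmd"] == "USER":
            s["user"] = m["arg"]
        elif m["cmd"] == "PASS":
            s["pass_ok"] = (s["user"] == c2.username and m["arg"] == c2.password)
        elif m["cmd"] == "STOR" and s["pass_ok"]:
            s["uploads"].append(m["arg"])
    return [dict(src=src, **s) for src, s in sessions.items()
            if s["pass_ok"] and s["port"] == c2.port]


if __name__ == "__main__":
    c2 = parse_agenttesla_ftp_config(CONFIG_TEXT)
    for hit in find_exfil_sessions(FTP_LOG, c2):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} uploaded {hit['uploads']}")
```

The match is on credentials rather than on the destination address because the log carries IPs while the config carries a hostname; correlating the two needs DNS logs, whereas the password is unique to this builder configuration and is sent in clear over port 21, so it is the stronger indicator either way.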
Targets
-
-
Target
MV SEVKETTIN SONAY_VSL's DESC.DOC.scr
-
Size
717KB
-
MD5
856076a266bf66744428123e379d6e54
-
SHA1
88e2e194d5944b748671fefa67c61d3c48af7cf6
-
SHA256
c09cba9da1f8a6c8fbda87ce1c29455118eb13876286388a7d768ba98585aa78
-
SHA512
a5aeb1f440fb332eb5c8cac0ac2c2a5027984acf87c16716e5e96620fd4e379e0a07776e35c2099221ae21ad440d83ec98ca6f6bcd7bc163d6c56d91e52458da
-
SSDEEP
12288:4cxbJytLuL+vKDrPvBMVe/CPMvLM2isPhGCMQJ46Bh7zl:4cxbJnHegVTHisJYjUhN
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, typically compiled from VB.NET or C#; the FTP account in the extracted configuration above is the exfiltration channel this build was configured with.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state. Called on a child process that was created suspended and whose memory has just been overwritten, it redirects execution into the injected code (process hollowing), which is why the sandbox scores it.
-
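To make the SetThreadContext signature concrete, the following added example (not Tria.ge's signature logic and not derived from this sample's trace) flags the process-hollowing call order in an API-call trace: CreateProcess with CREATE_SUSPENDED, memory written into the child (NtUnmapViewOfSection / WriteProcessMemory), SetThreadContext, then ResumeThread, all issued by the same caller. The trace lines, their "pid api(args)" layout and the target image name are constructed assumptions.

```python
"""Flag the process-hollowing API sequence in a sandbox-style call trace.
Added example: not Tria.ge code; the trace format and contents are constructed."""
import re
from collections import defaultdict

# Constructed trace, one call per line in call order: "<caller pid> <api>(<args>)".
TRACE = """\
1234 CreateProcessW(lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", dwCreationFlags=0x4, dwProcessId=2100, dwThreadId=2101)
1234 NtUnmapViewOfSection(ProcessHandle=0x2c8, BaseAddress=0x400000)
1234 VirtualAllocEx(hProcess=0x2c8, lpAddress=0x400000, dwSize=0x2a000, flProtect=0x40)
1234 WriteProcessMemory(hProcess=0x2c8, lpBaseAddress=0x400000, nSize=0x2a000)
1234 SetThreadContext(hThread=0x2cc, Eax=0x41b2c0)
1234 ResumeThread(hThread=0x2cc)
5678 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\notepad.exe", dwCreationFlags=0x0, dwProcessId=3001, dwThreadId=3002)
5678 ResumeThread(hThread=0x3a0)
"""

CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit from the Win32 API
WRITE_APIS = {"NtUnmapViewOfSection", "WriteProcessMemory", "NtWriteVirtualMemory"}


def parse_args(s: str) -> dict:
    """Split 'name=value, name="quoted, value"' into a dict (values kept as text)."""
    return dict(re.findall(r'(\w+)=("[^"]*"|[^,]+)', s))


def find_hollowing(trace: str) -> list[dict]:
    """Per caller PID, walk a small state machine over the call order:
    suspended CreateProcess -> write into child -> SetThreadContext -> ResumeThread.
    Any CreateProcess without CREATE_SUSPENDED resets the state for that caller."""
    state = defaultdict(lambda: {"target": None, "wrote": False, "ctx": False})
    hits = []
    for line in trace.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        st, api, args = state[m["pid"]], m["api"], parse_args(m["args"])
        if api in ("CreateProcessW", "CreateProcessA"):
            flags = int(args.get("dwCreationFlags", "0"), 16)
            target = args.get("lpApplicationName", "").strip('"')
            st.update(target=target if flags & CREATE_SUSPENDED else None,
                      wrote=False, ctx=False)
        elif api in WRITE_APIS and st["target"]:
            st["wrote"] = True
        elif api == "SetThreadContext" and st["target"] and st["wrote"]:
            st["ctx"] = True                 # entry point redirected into written memory
        elif api == "ResumeThread" and st["ctx"]:
            hits.append({"pid": m["pid"], "target": st["target"]})
            st.update(target=None, wrote=False, ctx=False)
    return hits


if __name__ == "__main__":
    for hit in find_hollowing(TRACE):
        print(f"pid {hit['pid']}: hollowed {hit['target']}")
```

A plain SetThreadContext call is not malicious on its own (debuggers and some runtimes use it), which is why the check requires the suspended create and the cross-process write first; a real sensor would additionally tie the hThread handle back to the dwThreadId returned by CreateProcess rather than trusting call order alone.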