General

Target: a35a763596fde108f68bc3e391a1b51507f75f424fe6155b73eaee2a5f64a16f.uue
Size: 574KB
Sample: 240727-b7jewssbnb
MD5: cdf3dc3cc26724b2daa6399bdc11aff0
SHA1: 809d6b1df26f7162fb26976116ce3c97f39be643
SHA256: a35a763596fde108f68bc3e391a1b51507f75f424fe6155b73eaee2a5f64a16f
SHA512: 4e86739eb4bb56e063b029e0e61863fd32a9dc6a912b6ef2e7019d815c9ea5018101b237e35183fecd3de04f73c621b41d1304274a4f9f724072a9793f9947a1
SSDEEP: 12288:vv+bx0S1XrCeO1guFC5OT3fcoWqx4gayOK9OytQPrjxjUGAKgc:ve21d1VvIIXQzr7F
Static task: static1

Behavioral task: behavioral1
  Sample: 답장 Redmond, Inc. 송장 422934 파고.exe
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: 답장 Redmond, Inc. 송장 422934 파고.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.gizemetiket.com.tr
  Port: 21
  Username: pgizemM6
  Password: giz95Ffg
Targets

Target: 답장 Redmond, Inc. 송장 422934 파고.exe
Size: 1.1MB
MD5: 01b11b328b1a7626360a082a51f18f56
SHA1: 43c95605ff088f60dc46e103a25dd52a7bd9c2c5
SHA256: eb56fa3be684223e59c0c407d35fd60a5e7be04bb24977d69049ed00f1ce751a
SHA512: 7b30161773cf65b28d62f464e9facde529e9bf821d59075b1dd4d6f61796fd5410ced80379d2ec7ac5a93b927af9f1463cfbf82a60bcda0cfc8c732d2fa3942b
SSDEEP: 24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8aD1TXQkYQz:QTvC/MTQYxsWR7aD1TXA
Signatures

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.

- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.

- Suspicious use of SetThreadContext