General
-
Target
c5a66daf8a49bd675d71736d7a81366f
-
Size
1.0MB
-
Sample
240913-16c9xssfke
-
MD5
c5a66daf8a49bd675d71736d7a81366f
-
SHA1
5d0312e80a42f82914eca818e3206dba210cd2b8
-
SHA256
56287adf7892b0d48ce32ace863e4e403f51dc20eba9e422602fb61bb667a5f1
-
SHA512
f5b895fcf58dc665308bc56862b3f6eba43f5783f305d4e0992f8c46b5c867e083f8946100d5cb59a437a01c3ba633946a1e9256727c5033c21c0322538c3c0e
-
SSDEEP
24576:p4lavt0LkLL9IMixoEgea5QRYRCeS0D8qWwq9MmCS:4kwkn9IMHea5Q2R3S0D8qPaPCS
Static task
static1
Behavioral task
behavioral1
Sample
c5a66daf8a49bd675d71736d7a81366f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c5a66daf8a49bd675d71736d7a81366f.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.stingatoareincendii.ro
Port: 21
Username: [email protected]
Password: 3.*RYhlG)lkA
Targets
-
-
Target
c5a66daf8a49bd675d71736d7a81366f
-
Size
1.0MB
-
MD5
c5a66daf8a49bd675d71736d7a81366f
-
SHA1
5d0312e80a42f82914eca818e3206dba210cd2b8
-
SHA256
56287adf7892b0d48ce32ace863e4e403f51dc20eba9e422602fb61bb667a5f1
-
SHA512
f5b895fcf58dc665308bc56862b3f6eba43f5783f305d4e0992f8c46b5c867e083f8946100d5cb59a437a01c3ba633946a1e9256727c5033c21c0322538c3c0e
-
SSDEEP
24576:p4lavt0LkLL9IMixoEgea5QRYRCeS0D8qWwq9MmCS:4kwkn9IMHea5Q2R3S0D8qPaPCS
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext