General
-
Target
a539d7d9a5916958e35c6491b628761af50872a5832339f0741dfe755f830a4d
-
Size
644KB
-
Sample
240913-k4lwaavgrj
-
MD5
a19e8f61230479e2364a4bb99421893a
-
SHA1
fb7ab57960f56ad8c6162cc8579743a292f22735
-
SHA256
a539d7d9a5916958e35c6491b628761af50872a5832339f0741dfe755f830a4d
-
SHA512
858ae1b760232d35124494c24f16e9690d78e47d59290871ab3758820fb8e8007f848ed79d73fe5827f9ea3bab22eaa50cd2aa73f2a1be86886fd0fa55dd8d37
-
SSDEEP
12288:oFS0bppPuHbAJZN2ZI2v+uQXUFu8x5XSt54SPb45wbocqyGQQiviLIzAl6V1WYiP:9U7Pu7wZ4Zx21QFho45wsNyGViqEzoYS
Static task
static1
Behavioral task
behavioral1
Sample
4fb5281d2ac2e31416f64aa0ddcece35ac2ebea9fbe503dfdc8036a1289403ca.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4fb5281d2ac2e31416f64aa0ddcece35ac2ebea9fbe503dfdc8036a1289403ca.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
4fb5281d2ac2e31416f64aa0ddcece35ac2ebea9fbe503dfdc8036a1289403ca.exe
-
Size
1.0MB
-
MD5
52ace262c8e6acdb7d63f959ee499772
-
SHA1
76760b1c4e049c1ee6d7a2c5723d929bf013519d
-
SHA256
4fb5281d2ac2e31416f64aa0ddcece35ac2ebea9fbe503dfdc8036a1289403ca
-
SHA512
edf885bc1c52ded6a9d75d501d78a3240398fa093eada3b0441bc55d36e24a509057e1e6b78c3181a0e89caaa190ce6f934d287ea4933ff5b0b232afe77a725b
-
SSDEEP
24576:Z4lavt0LkLL9IMixoEgeaU77jfpmBrEOwq9MmCS:okwkn9IMHeaUb4BrEDaPCS
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-