General
Target: 0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a
Size: 641KB
Sample: 240918-w5cvjswemh
MD5: dc10373578a2514b4defe039f07e8342
SHA1: 684685f0cfca186b4dfdfc55f14b8edc7d783c75
SHA256: 0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a
SHA512: 524fee44468e700106e7cdb5ff3a0975dbcbd1530fa700550cc7b68f6d080c3f43e136bde8c7e43a80e077616d06e2aba8ac04bdd74d6b51e962c3d704eaf912
SSDEEP: 12288:DVlyFID894CDiOnoTYkSqIsLXmT2dk4cSp2xfDEAvog+cRfPL3ZPcmiCu5276JxY:DVlIuacOQ7XWSgEAv19RfPTZPcrVi67h
Static task: static1
Behavioral task: behavioral1
Sample: 0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: Q6]7rLSD*gU2
Extracted
Protocol: ftp
Host: ftp.jeepcommerce.rs
Port: 21
Username: [email protected]
Password: Q6]7rLSD*gU2
Targets
Target: 0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a
Size: 641KB
MD5: dc10373578a2514b4defe039f07e8342
SHA1: 684685f0cfca186b4dfdfc55f14b8edc7d783c75
SHA256: 0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a
SHA512: 524fee44468e700106e7cdb5ff3a0975dbcbd1530fa700550cc7b68f6d080c3f43e136bde8c7e43a80e077616d06e2aba8ac04bdd74d6b51e962c3d704eaf912
SSDEEP: 12288:DVlyFID894CDiOnoTYkSqIsLXmT2dk4cSp2xfDEAvog+cRfPL3ZPcmiCu5276JxY:DVlIuacOQ7XWSgEAv19RfPTZPcrVi67h
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copy of, a web browser credential store.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.