General
-
Target
ff2be6f85c26c62d50364e48cc6f6209df35b82d6c4b0db31e776f84b81629a5.exe
-
Size
1.0MB
-
Sample
240920-cccjjatdpn
-
MD5
c6fe897cf4e5f9cd403bcde5a721c381
-
SHA1
5923e89201e0d9a5dd35763eb2c8a0ade982dcb4
-
SHA256
ff2be6f85c26c62d50364e48cc6f6209df35b82d6c4b0db31e776f84b81629a5
-
SHA512
64f1534ca3c305366e7bacc7c2e48daadb3a126644c3e52b8986dabed7b847280550d0373de93c40207c3d16ed0e297e54cf7fc6bad83fec25dd1514d617c300
-
SSDEEP
24576:ftb20pkaCqT5TBWgNQ7aRxt9sqvOXiA6A:cVg5tQ7aRxt9cv5
Static task
static1
Behavioral task
behavioral1
Sample
ff2be6f85c26c62d50364e48cc6f6209df35b82d6c4b0db31e776f84b81629a5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ff2be6f85c26c62d50364e48cc6f6209df35b82d6c4b0db31e776f84b81629a5.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
-GN,s*KH{VEhPmo)+f
Targets
-
-
Target
ff2be6f85c26c62d50364e48cc6f6209df35b82d6c4b0db31e776f84b81629a5.exe
-
Size
1.0MB
-
MD5
c6fe897cf4e5f9cd403bcde5a721c381
-
SHA1
5923e89201e0d9a5dd35763eb2c8a0ade982dcb4
-
SHA256
ff2be6f85c26c62d50364e48cc6f6209df35b82d6c4b0db31e776f84b81629a5
-
SHA512
64f1534ca3c305366e7bacc7c2e48daadb3a126644c3e52b8986dabed7b847280550d0373de93c40207c3d16ed0e297e54cf7fc6bad83fec25dd1514d617c300
-
SSDEEP
24576:ftb20pkaCqT5TBWgNQ7aRxt9sqvOXiA6A:cVg5tQ7aRxt9cv5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-