General
-
Target
68a483736c12d160216072b5d38bd2ae8de6ddd6f384eea7ef1838892b05c6d5
-
Size
2.0MB
-
Sample
240921-1aj3lavdpm
-
MD5
96b27a9b7a5634ee15d24479395d6325
-
SHA1
4cc78f71e219ec53da1cc5d38c40f5c30069e493
-
SHA256
68a483736c12d160216072b5d38bd2ae8de6ddd6f384eea7ef1838892b05c6d5
-
SHA512
c08a863bfbd633f3f3421095855e58d9ebd4efb3015e7775cd8526faaae6c8468ad6e291377744eb83d2b0f708dc24a88bfefecb5cea997be83885c4e75c2690
-
SSDEEP
24576:ECdxte/80jYLT3U1jfuZPLrAweki81o2UiEAFmOtsXPxU0155cCWjQ:Vw80cTsj2ZPLrA/k/7UiEAFmOG5Uq3z
Behavioral task
behavioral1
Sample
68a483736c12d160216072b5d38bd2ae8de6ddd6f384eea7ef1838892b05c6d5.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
68a483736c12d160216072b5d38bd2ae8de6ddd6f384eea7ef1838892b05c6d5.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.controlfire.com.mx - Port:
21 - Username:
[email protected] - Password:
0a4XlE=4t8mz
Targets
-
-
Target
68a483736c12d160216072b5d38bd2ae8de6ddd6f384eea7ef1838892b05c6d5
-
Size
2.0MB
-
MD5
96b27a9b7a5634ee15d24479395d6325
-
SHA1
4cc78f71e219ec53da1cc5d38c40f5c30069e493
-
SHA256
68a483736c12d160216072b5d38bd2ae8de6ddd6f384eea7ef1838892b05c6d5
-
SHA512
c08a863bfbd633f3f3421095855e58d9ebd4efb3015e7775cd8526faaae6c8468ad6e291377744eb83d2b0f708dc24a88bfefecb5cea997be83885c4e75c2690
-
SSDEEP
24576:ECdxte/80jYLT3U1jfuZPLrAweki81o2UiEAFmOtsXPxU0155cCWjQ:Vw80cTsj2ZPLrA/k/7UiEAFmOG5Uq3z
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-