General
- Target: 72c145dca14edd2096019fe961f0eca46924aafd648e1b3895c8f69c64ff24faN
- Size: 683KB
- Sample: 240921-nlmlmszfnk
- MD5: 196d72a941517ca4a63fcf1c71af4f20
- SHA1: ef3d42e6566313cee4f3696c614bf72029cf3faa
- SHA256: 72c145dca14edd2096019fe961f0eca46924aafd648e1b3895c8f69c64ff24fa
- SHA512: 266ee1a72c1f0e317497d6b58dc38b215cd488b49f4e6bc81749b64320633ce707d5d8c641637c372a25cd16b74312967c02999fe07d3c0a1400a47b171adf66
- SSDEEP: 12288:+e8CgCTxI3lavjshPwfcmLdVssLr/UJdEUr4cugQkWlSquEIvwmEjTAVGWkR:/5IIrsPws+6BugFWlSqnIvIAVGN
Static task: static1
Behavioral task: behavioral1
- Sample: 72c145dca14edd2096019fe961f0eca46924aafd648e1b3895c8f69c64ff24faN.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 72c145dca14edd2096019fe961f0eca46924aafd648e1b3895c8f69c64ff24faN.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://ftp.controlfire.com.mx
- Port: 21
- Username: [email protected]
- Password: 0a4XlE=4t8mz
Extracted
- Protocol: ftp
- Host: ftp.controlfire.com.mx
- Port: 21
- Username: [email protected]
- Password: 0a4XlE=4t8mz
Targets
- Target: 72c145dca14edd2096019fe961f0eca46924aafd648e1b3895c8f69c64ff24faN (size and hashes as listed under General above)
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.