General
-
Target
86c0e8c71fe53ff1ee1ac2a494c208392b9f4128f85552e69105e8fa19724f63.exe
-
Size
801KB
-
Sample
240922-jr5l7aygpg
-
MD5
f7407d909a701a85f0aec9c898ebed35
-
SHA1
19fb4fbbc9e1f1e279b9f046e0667287cef40951
-
SHA256
86c0e8c71fe53ff1ee1ac2a494c208392b9f4128f85552e69105e8fa19724f63
-
SHA512
3d6b55c42e8309a059a923560ef7838c13385c4680c467669b9900dce55fd31827aa0490964649768b80f891ab4e6e26f45a4455ff92d64cbf8d9fe065a9fd91
-
SSDEEP
12288:v6Wq4aaE6KwyF5L0Y2D1PqLRpZnECRwtmO64RPFG3lAr9T7IrqmK+2tZb1XswHTt:tthEVaPqL1l/O641F5TYKlZpXRTBDyO9
Behavioral task
behavioral1
Sample
86c0e8c71fe53ff1ee1ac2a494c208392b9f4128f85552e69105e8fa19724f63.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
86c0e8c71fe53ff1ee1ac2a494c208392b9f4128f85552e69105e8fa19724f63.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.elquijotebanquetes.com - Port:
21 - Username:
[email protected] - Password:
-GN,s*KH{VEhPmo)+f
Targets
-
-
Target
86c0e8c71fe53ff1ee1ac2a494c208392b9f4128f85552e69105e8fa19724f63.exe
-
Size
801KB
-
MD5
f7407d909a701a85f0aec9c898ebed35
-
SHA1
19fb4fbbc9e1f1e279b9f046e0667287cef40951
-
SHA256
86c0e8c71fe53ff1ee1ac2a494c208392b9f4128f85552e69105e8fa19724f63
-
SHA512
3d6b55c42e8309a059a923560ef7838c13385c4680c467669b9900dce55fd31827aa0490964649768b80f891ab4e6e26f45a4455ff92d64cbf8d9fe065a9fd91
-
SSDEEP
12288:v6Wq4aaE6KwyF5L0Y2D1PqLRpZnECRwtmO64RPFG3lAr9T7IrqmK+2tZb1XswHTt:tthEVaPqL1l/O641F5TYKlZpXRTBDyO9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-