General
-
Target
P0n.1037596.exe
-
Size
1.4MB
-
Sample
240922-we4kkssdmj
-
MD5
779916ce1a42f01bfbd61d9a8590c986
-
SHA1
1c96e7bc16c39d4d021526accda62dc356cd2425
-
SHA256
d5ae03977dc29b4ed4736c3f045bb47a670255d47dd189a58b90485ae23417b8
-
SHA512
f1b084835e3145de0651af493cc2c5ce8fe35bf594193001adf619155221c9101da84021f672935c382b8ad66347648e33ba7e04931c4fd43b6fc07083bfdfc9
-
SSDEEP
24576:pCdxte/80jYLT3U1jfsWaRvFrVIDbJtWF1WeiWr6dMu6Q:Yw80cTsjkWaRTIPO7ziA66u
Static task
static1
Behavioral task
behavioral1
Sample
P0n.1037596.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
P0n.1037596.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.gizemetiket.com.tr - Port:
21 - Username:
pgizemM6 - Password:
giz95Ffg
Targets
-
-
Target
P0n.1037596.exe
-
Size
1.4MB
-
MD5
779916ce1a42f01bfbd61d9a8590c986
-
SHA1
1c96e7bc16c39d4d021526accda62dc356cd2425
-
SHA256
d5ae03977dc29b4ed4736c3f045bb47a670255d47dd189a58b90485ae23417b8
-
SHA512
f1b084835e3145de0651af493cc2c5ce8fe35bf594193001adf619155221c9101da84021f672935c382b8ad66347648e33ba7e04931c4fd43b6fc07083bfdfc9
-
SSDEEP
24576:pCdxte/80jYLT3U1jfsWaRvFrVIDbJtWF1WeiWr6dMu6Q:Yw80cTsjkWaRTIPO7ziA66u
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-