General

Target: malw.exe
Size: 1.1MB
Sample: 240923-qkfsta1bph
MD5: 84d2f864ef09213d09cfb77d000413d0
SHA1: 5773bd80df75886f2c187cbffb5ec7d1fee0f5a2
SHA256: 8620bb30604eee5bfb0e24037cac89079783beb9a32a4464ccb4b1f9c0cf3505
SHA512: 7fe3e8b21a4ab4608f1afcf7d66301dceed58bd2db463798f12eed9f70d85c46b9fbff5914ea8ca617d1bc12ed7ac6d4f5bf457e3f514255d209f9ca5fef693a
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCYfb7ffxUuQSYh3NjUk9W5oP:7JZoQrbTFZY1iaCYfH5PQz97P
Static task: static1

Behavioral task: behavioral1
Sample: malw.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: malw.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://backup.smartape.ru
Port: 21
Username: user894492
Password: w6NZOdcSkH1a
Targets

Target: malw.exe
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.

Suspicious use of SetThreadContext