General
-
Target
dbcfe75ffa225fe589d46508dfcf014bbdb4444855b3bbb1560249ec1ee2dad9.exe
-
Size
1.2MB
-
Sample
241006-xdpkpstepb
-
MD5
1522208299a09118d66f8935cba32719
-
SHA1
a4d2b0aedd7025d2c9a9fe68865d99292fe9281e
-
SHA256
dbcfe75ffa225fe589d46508dfcf014bbdb4444855b3bbb1560249ec1ee2dad9
-
SHA512
15107e1a1e9f54ee501678296b052c4fcc1e96c8f521b241d5f1855b16bbd821dd1a55705589238adeb9a34df0220f93c02bd173d63a3ffe2f235b7a7189ff17
-
SSDEEP
24576:1fmMv6Ckr7Mny5QZc3uZxgCSvu9OfZxd6Qu:13v+7/5QZyuZrSvuwZ6T
Static task
static1
Behavioral task
behavioral1
Sample
dbcfe75ffa225fe589d46508dfcf014bbdb4444855b3bbb1560249ec1ee2dad9.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
dbcfe75ffa225fe589d46508dfcf014bbdb4444855b3bbb1560249ec1ee2dad9.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.ercolina-usa.com
Port: 21
Username: [email protected]
Password: uy,o#mZj8$lY
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.ercolina-usa.com
Port: 21
Username: [email protected]
Password: uy,o#mZj8$lY
Targets
-
-
Target
dbcfe75ffa225fe589d46508dfcf014bbdb4444855b3bbb1560249ec1ee2dad9.exe
-
Size
1.2MB
-
MD5
1522208299a09118d66f8935cba32719
-
SHA1
a4d2b0aedd7025d2c9a9fe68865d99292fe9281e
-
SHA256
dbcfe75ffa225fe589d46508dfcf014bbdb4444855b3bbb1560249ec1ee2dad9
-
SHA512
15107e1a1e9f54ee501678296b052c4fcc1e96c8f521b241d5f1855b16bbd821dd1a55705589238adeb9a34df0220f93c02bd173d63a3ffe2f235b7a7189ff17
-
SSDEEP
24576:1fmMv6Ckr7Mny5QZc3uZxgCSvu9OfZxd6Qu:13v+7/5QZyuZrSvuwZ6T
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-