General
Target: f6c07c1f1b936ac8da62b2a68392634053d0b39c2da4c7ba98e7b7e0ae9fbf94
Size: 1.2MB
Sample: 241016-bhjpcsvdmc
MD5: 7059c9fae0e7595bf454796551c79dab
SHA1: ef9d22e79dd8f6482c1e1b6c285555b23026575e
SHA256: f6c07c1f1b936ac8da62b2a68392634053d0b39c2da4c7ba98e7b7e0ae9fbf94
SHA512: 7696ef0e5063caa138a2ae832a498e62c19a33626194cdeb31d0159d6e86636bb494db461800fe5f8a7d014e607d3679ea74d54e8465322019ea22059bd6c218
SSDEEP: 24576:YtRjwkfngUIZzFwjcD5tH21r1o2LOGYca1Ip:mcEUxFwjwb0ho2XYC
Static task: static1
Behavioral task: behavioral1
Sample: f6c07c1f1b936ac8da62b2a68392634053d0b39c2da4c7ba98e7b7e0ae9fbf94.exe
Resource: win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.alternatifplastik.com
Port: 21
Username: [email protected]
Password: Fineboy777@
Targets
Target: f6c07c1f1b936ac8da62b2a68392634053d0b39c2da4c7ba98e7b7e0ae9fbf94
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of NtCreateUserProcessOtherParentProcess
Drops startup file
Suspicious use of SetThreadContext