General
Target
ec7011e10454bc70ce1839eb803037a8cdd9f832cc9301759a6d7da06d0e8a17
Size
619KB
Sample
241017-b1xc6svfnb
Static task
static1
Behavioral task
behavioral1
Sample
Carta n° 2024-10-16T14040024.971.doc.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Carta n° 2024-10-16T14040024.971.doc.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.aminhacorretora.com.br
Port: 21
Username: [email protected]
Password: _yA=,M5*J?KH
Targets
Target
Carta n° 2024-10-16T14040024.971.doc.exe
Size
812KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext