General
-
Target
980f9194127787aa86528f74982938a0e8ae15ff556c567f7704db23ac23f0a7
-
Size
811KB
-
Sample
241017-bfrbesxbmr
-
MD5
4a6990bbee50bc927f6e3103a4e53cf9
-
SHA1
6334b2fa60fa1333acc0cb53b31da9214d1c9c40
-
SHA256
980f9194127787aa86528f74982938a0e8ae15ff556c567f7704db23ac23f0a7
-
SHA512
657493243b9648ee8fd647ba52b186998b33c44f930e0a5e1c852fd3aef6f54a4dc7fccc9dfc987b29afaa9f1735c1b59309637855081737a16c270a24bf297b
-
SSDEEP
12288:y13yuZG8+De1kIse8LRWjrZCollIoNE8kAZu33vK541r:y13yuZGVteKRyjl6ikSC3vy41r
Static task
static1
Behavioral task
behavioral1
Sample
980f9194127787aa86528f74982938a0e8ae15ff556c567f7704db23ac23f0a7.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
980f9194127787aa86528f74982938a0e8ae15ff556c567f7704db23ac23f0a7.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.aminhacorretora.com.br
Port: 21
Username: [email protected]
Password: _yA=,M5*J?KH
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.aminhacorretora.com.br
Port: 21
Username: [email protected]
Password: _yA=,M5*J?KH
Targets
-
-
Target
980f9194127787aa86528f74982938a0e8ae15ff556c567f7704db23ac23f0a7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-