General
-
Target
325f8b7cb5f2bd3c93b6052bc44407c878feef638ed6303b9385185b05ac3f67
-
Size
812KB
-
Sample
241017-bgy3natdre
-
MD5
6142aad778dc57ae2ecfe036c2d11c4e
-
SHA1
73d3b45ab4812f445b6cf1c58ea7b7fdf47295a8
-
SHA256
325f8b7cb5f2bd3c93b6052bc44407c878feef638ed6303b9385185b05ac3f67
-
SHA512
5f4fd5212843e106ce21bebcc0776bb8647cd83de9a07e9b50ac6bbec72947b5eb288ba12a19685e9c238bc69ee4b8133fd05e7cf5797b40db2fb0269480ec3b
-
SSDEEP
12288:mB3yuZG8+De1kIse8LRWjrZCollIoNE8kzZu3vvK541rs:mB3yuZGVteKRyjl6ik1Cvvy41rs
Static task
static1
Behavioral task
behavioral1
Sample
325f8b7cb5f2bd3c93b6052bc44407c878feef638ed6303b9385185b05ac3f67.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
325f8b7cb5f2bd3c93b6052bc44407c878feef638ed6303b9385185b05ac3f67.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.aminhacorretora.com.br - Port:
21 - Username:
[email protected] - Password:
_yA=,M5*J?KH
Targets
-
-
Target
325f8b7cb5f2bd3c93b6052bc44407c878feef638ed6303b9385185b05ac3f67
-
Size
812KB
-
MD5
6142aad778dc57ae2ecfe036c2d11c4e
-
SHA1
73d3b45ab4812f445b6cf1c58ea7b7fdf47295a8
-
SHA256
325f8b7cb5f2bd3c93b6052bc44407c878feef638ed6303b9385185b05ac3f67
-
SHA512
5f4fd5212843e106ce21bebcc0776bb8647cd83de9a07e9b50ac6bbec72947b5eb288ba12a19685e9c238bc69ee4b8133fd05e7cf5797b40db2fb0269480ec3b
-
SSDEEP
12288:mB3yuZG8+De1kIse8LRWjrZCollIoNE8kzZu3vvK541rs:mB3yuZGVteKRyjl6ik1Cvvy41rs
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-