General
-
Target
53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330
-
Size
1.5MB
-
Sample
241104-bgmdvszekp
-
MD5
0597d5446bce6df2deaae0de8401fca5
-
SHA1
4d2e737866324db4b891ce57f10044eab160645f
-
SHA256
53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330
-
SHA512
775f36c68775b890f5ac2be083fdfb04663331bb7c91e374ef2265be757c4d458a6717f9f678a4262e0b21cd33b094f2534b3a5613ec79b411dab6a221565608
-
SSDEEP
24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a2X1HffbxXjcQ7E:ITvC/MTQYxsWR7a2Xhffbxb7
Static task
static1
Behavioral task
behavioral1
Sample
53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.gizemetiket.com.tr
Port: 21
Username: pgizemM6
Password: giz95Ffg
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-