General
Target: 3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804.exe
Size: 1.3MB
Sample: 241104-cqqy3s1fmp
MD5: 92eb7fdd42c1963733436dadbefe10eb
SHA1: cc9fdc3b7f4f407eda3ad5064d32bae0d211f15f
SHA256: 3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804
SHA512: 434aef63d6b8710153c5f70319de27b13503ac9db7d115d8eb2ca905f7725f1180469da33396089b864b54c5425b2014e8eea005e6d7fafd15751a99abc64d3c
SSDEEP: 24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8aEfave0z8bFfCZ+SIN37VdYfkHCpmLb:ITvC/MTQYxsWR7aEfaRhbaLVdYfkig
Static task: static1
Behavioral task: behavioral1
Sample: 3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.gizemetiket.com.tr
Port: 21
Username: pgizemM6
Password: giz95Ffg
Targets
Target: 3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804.exe
Size: 1.3MB
MD5: 92eb7fdd42c1963733436dadbefe10eb
SHA1: cc9fdc3b7f4f407eda3ad5064d32bae0d211f15f
SHA256: 3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804
SHA512: 434aef63d6b8710153c5f70319de27b13503ac9db7d115d8eb2ca905f7725f1180469da33396089b864b54c5425b2014e8eea005e6d7fafd15751a99abc64d3c
SSDEEP: 24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8aEfave0z8bFfCZ+SIN37VdYfkHCpmLb:ITvC/MTQYxsWR7aEfaRhbaLVdYfkig
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext