General
Target: 2dfd01e12dc2fccf31615f2a3cbbfe57.bin
Size: 825KB
Sample: 241110-bgx6csypej
MD5: dd889dc6c9567b9112982630f9fc2378
SHA1: 398b068f4e6d712eb0bacbd67c51fd1ac6b061d4
SHA256: 575cbcc8b466f9d1a56fcce0b37ec83e34bffcc8ca336338a53c16cfdf3d7ecf
SHA512: cf3611492c73823bef3d38d06b00482111162585d0b604b22d2a6ded5e8f65d9b6f447ca162cf1ceedf8f96c1b983a56624251edffa4479a4bcc5f87e7f2b720
SSDEEP: 24576:TDavaMmQJSD9hN6RpOYJjH/Z0zJsjmAFHu0O7h5:TDaCMmpEOJzJsjpS
Static task: static1
Behavioral task: behavioral1
Sample: b0fa52fead6b718bce1fd8816ad7201f648eb7483b3ec7cc284e26323e930807.exe
Resource: win7-20241010-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.gizemetiket.com.tr
Port: 21
Username: pgizemM6
Password: giz95Ffg
Targets
Target: b0fa52fead6b718bce1fd8816ad7201f648eb7483b3ec7cc284e26323e930807.exe
Size: 1.1MB
MD5: 2dfd01e12dc2fccf31615f2a3cbbfe57
SHA1: e5730f2e95683619befff146cea228a0092d99fa
SHA256: b0fa52fead6b718bce1fd8816ad7201f648eb7483b3ec7cc284e26323e930807
SHA512: e426b9fa6ad9b13354042279b567af3c9d54ae27bc207a733204562f923423c6e245546dad878bcaea6c5d2cb0a3a8f37eef0e16da8f3945cc734aac8b12c5b2
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCnukxzt2SHx3rKFp5pG:7JZoQrbTFZY1iaCnukxzt2SHlrkp5pG

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext