General
-
Target
8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79
-
Size
711KB
-
Sample
241111-bxhqlszakp
-
MD5
c3d87770567053bbb7c54da3543b0c83
-
SHA1
b60efedd99fcf4fc2abd807a7a05ed8baaec0a41
-
SHA256
8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79
-
SHA512
86f12f0c052a36eacb13211c089608e7edb0d737032a52f037543694bffa265c484d45988094ba3d0742dd34e17ceb047010a0ea2529984581361c4671a0a9a0
-
SSDEEP
12288:P9BvctM85t35JPNJj2WzoRLQYRYzmY7y9aRxSFL+VsbQtXqA+6r:PD0tM85tbNJjldeYiY7ywR+WsUtXqXa
Behavioral task
behavioral1
Sample
8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79.exe
Resource
win7-20241023-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79
-
Size
711KB
-
MD5
c3d87770567053bbb7c54da3543b0c83
-
SHA1
b60efedd99fcf4fc2abd807a7a05ed8baaec0a41
-
SHA256
8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79
-
SHA512
86f12f0c052a36eacb13211c089608e7edb0d737032a52f037543694bffa265c484d45988094ba3d0742dd34e17ceb047010a0ea2529984581361c4671a0a9a0
-
SSDEEP
12288:P9BvctM85t35JPNJj2WzoRLQYRYzmY7y9aRxSFL+VsbQtXqA+6r:PD0tM85tbNJjldeYiY7ywR+WsUtXqXa
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-