General
-
Target
96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c
-
Size
1.1MB
-
Sample
241111-bzxybazapr
-
MD5
6bb329ed6da1edd0d48177662349a02f
-
SHA1
208288af7cd8d6fa8b6fbf5bf911c23407e7cd56
-
SHA256
96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c
-
SHA512
a73de72668ce345f53df9df3406452a0ba38e967135d26a80a07e2e57d906c8c3346cfd459b5ae73aafa707a0501ee2bc22e68797160ecb27dba7f99b84aca9a
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC5Bpmth937sXGNttdK1zHC:7JZoQrbTFZY1iaC5vml37sXGNt2c
Static task
static1
Behavioral task
behavioral1
Sample
96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c
-
Size
1.1MB
-
MD5
6bb329ed6da1edd0d48177662349a02f
-
SHA1
208288af7cd8d6fa8b6fbf5bf911c23407e7cd56
-
SHA256
96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c
-
SHA512
a73de72668ce345f53df9df3406452a0ba38e967135d26a80a07e2e57d906c8c3346cfd459b5ae73aafa707a0501ee2bc22e68797160ecb27dba7f99b84aca9a
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC5Bpmth937sXGNttdK1zHC:7JZoQrbTFZY1iaC5vml37sXGNt2c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-