General
-
Target
5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287.exe
-
Size
1.3MB
-
Sample
241112-cvyvgssfnh
-
MD5
77a6968ce13da3aae320ed443558c9e8
-
SHA1
3bda87f3f356116afb970452bee2f9f408fb463b
-
SHA256
5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287
-
SHA512
1cae3a4f757beb4ff801ecb5d4c28a48d2725d7b3163f97419e6bd16e97dfb2a8b8029184c200a829ef97729aaaa8d857495480575dd8d897ab153aec768e8fe
-
SSDEEP
24576:85EmXFtKaL4/oFe5T9yyXYfP1ijXdaFl3MeSTXtwylJyuqyD2Eo0tC+k+6o:8PVt/LZeJbInQRaFl3MxL9pHiIt6+
Static task
static1
Behavioral task
behavioral1
Sample
5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.gizemetiket.com.tr
Port: 21
Username: pgizemM6
Password: giz95Ffg
Targets
-
-
Target
5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-