General
Target: 14112024_1558_14112024_Swift Copy 000293940040005959500000599505000.img
Size: 1.2MB
Sample: 241114-tetdha1emm
MD5: d0108c8fa97e0ebe194ca5fefd55eca8
SHA1: 5080124a892fcf4b4f072f1cb2934521e33e8163
SHA256: 01a4cf89055859c2fe281fff1634b8450f7e066b5ea9b9787a4fa904a61f0c27
SHA512: 8df74198079f8b5cb7be59a9d100c098f9764f23baecd485d8553f7d528a95dbe220d9f24dc80e8fbebf847206bc9305f4aa9239d4ffba521e142a1fc0f48e42
SSDEEP: 6144:ZV13JYAlkOFRH3D4i/awYYsQ2Ucu4zvgwgp2fdpWYvjEWjTj6F1gZ4sk:ZjmAvMVYs35/3CMpWov+J

Static task: static1
Behavioral task: behavioral1
Sample: Swift Copy 000293940040005959500000599505000.exe
Resource: win7-20240708-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E

Extracted
Protocol: ftp
Host: ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E

The two extracted configurations are the same FTP credential set; they differ only in whether the host carries the ftp:// scheme. The username is shown as "[email protected]" because the page's e-mail obfuscation replaced the real address, so the actual account name is not recoverable from this page.
Targets
Target: Swift Copy 000293940040005959500000599505000.exe
Size: 385KB
MD5: be9db428810324405b74f69d0c33b532
SHA1: 4eae2c3c5793ac8b407a648db3434833d9877e4f
SHA256: cb91f601dfceef4ca12ce24f80ac1e55ab5fc5cc8dcfacefa02120241d429ae6
SHA512: ad02acbf7093bde2e36676670e3ff99562d88a3f8fa6f30bde6d7f0a43d888e5a1ff7d9a359dbbac7a60387bdde0dbecfe73f65a7c5817cb51f7bcc3aa81d0ad
SSDEEP: 6144:oV13JYAlkOFRH3D4i/awYYsQ2Ucu4zvgwgp2fdpWYvjEWjTj6F1gZ4sk:ojmAvMVYs35/3CMpWov+J
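The report lists four cryptographic hashes for each of the two artifacts (the .img container and the .exe inside it). The following script is an added example, not code from the sandbox report or its vendor: it streams a file on disk through all four hashers in one pass and compares the result with the values above, reporting a "conflict" when some algorithms agree and others do not (a sign of a transcription error in the IOC list or a deliberately colliding file). The SSDEEP values are deliberately not checked, because fuzzy matching needs the third-party ssdeep module and a similarity threshold.

```python
"""
Hash IOC matcher for the two artifacts in this report (added example,
not part of the original page). Only hashlib is used; SSDEEP is skipped.
"""
from __future__ import annotations

import hashlib
from typing import Iterable

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hash values copied from the report; the artifact names are the report's own.
REPORT_IOCS: dict[str, dict[str, str]] = {
    "14112024_1558_14112024_Swift Copy 000293940040005959500000599505000.img": {
        "md5": "d0108c8fa97e0ebe194ca5fefd55eca8",
        "sha1": "5080124a892fcf4b4f072f1cb2934521e33e8163",
        "sha256": "01a4cf89055859c2fe281fff1634b8450f7e066b5ea9b9787a4fa904a61f0c27",
        "sha512": "8df74198079f8b5cb7be59a9d100c098f9764f23baecd485d8553f7d528a95dbe220d9f24dc80e8fbebf847206bc9305f4aa9239d4ffba521e142a1fc0f48e42",
    },
    "Swift Copy 000293940040005959500000599505000.exe": {
        "md5": "be9db428810324405b74f69d0c33b532",
        "sha1": "4eae2c3c5793ac8b407a648db3434833d9877e4f",
        "sha256": "cb91f601dfceef4ca12ce24f80ac1e55ab5fc5cc8dcfacefa02120241d429ae6",
        "sha512": "ad02acbf7093bde2e36676670e3ff99562d88a3f8fa6f30bde6d7f0a43d888e5a1ff7d9a359dbbac7a60387bdde0dbecfe73f65a7c5817cb51f7bcc3aa81d0ad",
    },
}


def _digest(chunks: Iterable[bytes]) -> dict[str, str]:
    """Feed every chunk to all four hashers in a single pass; return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict[str, str]:
    """Hash an in-memory buffer (used for tests and small artifacts)."""
    return _digest([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream the file in 1 MiB chunks so a large disk image is never fully loaded."""
    with open(path, "rb") as f:
        return _digest(iter(lambda: f.read(chunk_size), b""))


def match_iocs(hashes: dict[str, str],
               iocs: dict[str, dict[str, str]] = REPORT_IOCS) -> dict[str, str]:
    """Compare computed hashes with each artifact's recorded hashes.

    Returns {artifact: "match"} when every algorithm recorded for that artifact
    agrees with the computed value, {artifact: "conflict"} when some agree and
    others differ, and leaves out artifacts with no agreeing algorithm at all.
    """
    verdicts: dict[str, str] = {}
    for artifact, recorded in iocs.items():
        shared = [a for a in ALGOS if a in recorded and a in hashes]
        agree = [a for a in shared if recorded[a].lower() == hashes[a].lower()]
        differ = [a for a in shared if recorded[a].lower() != hashes[a].lower()]
        if agree:
            verdicts[artifact] = "match" if not differ else "conflict"
    return verdicts


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        h = hash_file(p)
        print(p, h["sha256"], match_iocs(h) or "no match")
```

Run it as `python ioc_hash.py <file> [<file> ...]`; a "conflict" verdict should be treated as a reason to re-check the IOC source rather than as a confirmed hit.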
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in VB.NET and sold as malware-as-a-service. It harvests saved credentials and keystrokes from the infected host and exfiltrates them over SMTP, FTP, HTTP or Telegram; the FTP credentials extracted above are this sample's exfiltration channel.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes this address in the data it exfiltrates, so a workstation contacting such a service shortly before an outbound FTP session to the extracted host is a useful correlation point for detection.

Suspicious use of SetThreadContext
Overwriting another thread's register context is the final step of process hollowing (RunPE): the loader starts a legitimate process suspended, replaces its image with the payload, points the thread's instruction pointer at the new entry with SetThreadContext, and resumes it. The signature alone does not say which process was targeted.
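The two network behaviours the report attributes to this sample, an external-IP lookup over HTTP and FTP traffic to the extracted C2, can be turned into log checks. The script below is an added example, not code from the sandbox report or its vendor. It assumes a simple whitespace-separated log format of the form "<timestamp> <src_ip> <dst_host> <dst_port> <proto> <detail>" (a hypothetical format, not one the report uses), the sample log lines are constructed and not real traffic from the run, and the list of IP-lookup services is a generic analyst list, since the report only says "a legitimate IP lookup service" without naming it. Only the C2 host and port come from the report.

```python
"""
Log triage for the behaviours in this report (added example, not part of
the original page). Flags external-IP lookups and contact with the
extracted FTP C2, then correlates the two per source host.
"""
from __future__ import annotations

from dataclasses import dataclass

# Taken from the report's Malware Config section.
C2_FTP_HOST = "ftp.concaribe.com"
C2_FTP_PORT = 21

# Generic "what is my IP" services (analyst assumption; the report names none).
IP_LOOKUP_HOSTS = {
    "ip-api.com", "api.ipify.org", "checkip.dyndns.org",
    "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com",
}

RULE_IP_LOOKUP = "external-ip-lookup"
RULE_C2_FTP = "agenttesla-ftp-c2"


@dataclass(frozen=True)
class Alert:
    ts: str
    src_ip: str
    rule: str
    detail: str


# Constructed sample log lines in the hypothetical format; not real traffic.
SAMPLE_LOG = """\
2024-11-14T15:58:01Z 10.0.0.5 api.ipify.org 80 http GET /
2024-11-14T15:58:02Z 10.0.0.5 ftp.concaribe.com 21 ftp USER <redacted>
2024-11-14T15:58:02Z 10.0.0.5 ftp.concaribe.com 21 ftp PASS <redacted>
2024-11-14T15:58:03Z 10.0.0.5 ftp.concaribe.com 21 ftp STOR report.html
2024-11-14T15:58:10Z 10.0.0.7 www.example.com 443 https GET /index.html
2024-11-14T15:59:00Z 10.0.0.9 ftp.example.org 21 ftp USER anonymous
this line is malformed
"""


def parse_line(line: str):
    """Split one log line into its six fields; return None for malformed input."""
    parts = line.strip().split(maxsplit=5)
    if len(parts) != 6:
        return None
    ts, src_ip, dst_host, dst_port, proto, detail = parts
    if not dst_port.isdigit():
        return None
    return ts, src_ip, dst_host.lower(), int(dst_port), proto.lower(), detail


def check_line(fields) -> list[Alert]:
    """Apply both behavioural checks to one parsed line."""
    ts, src_ip, dst_host, dst_port, proto, detail = fields
    alerts: list[Alert] = []
    if proto in ("http", "https") and dst_host in IP_LOOKUP_HOSTS:
        alerts.append(Alert(ts, src_ip, RULE_IP_LOOKUP, f"{proto} to {dst_host}"))
    if dst_host == C2_FTP_HOST and dst_port == C2_FTP_PORT:
        alerts.append(Alert(ts, src_ip, RULE_C2_FTP, detail))
    return alerts


def triage(log_text: str) -> list[Alert]:
    """Run the checks over a whole log, skipping lines that do not parse."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is not None:
            alerts.extend(check_line(fields))
    return alerts


def correlate(alerts: list[Alert]) -> set[str]:
    """Source hosts that both looked up their external IP and reached the C2."""
    rules_by_host: dict[str, set[str]] = {}
    for a in alerts:
        rules_by_host.setdefault(a.src_ip, set()).add(a.rule)
    return {h for h, rules in rules_by_host.items()
            if {RULE_IP_LOOKUP, RULE_C2_FTP} <= rules}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for a in found:
        print(f"{a.ts} {a.src_ip} {a.rule}: {a.detail}")
    print("hosts showing both behaviours:", correlate(found) or "none")
```

The per-line rules on their own are noisy (many legitimate tools query an IP-lookup service), which is why the correlation step keys on a single source host showing both behaviours; that is the combination this report documents.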