General
-
Target
Compra_600000376.001
-
Size
567KB
-
Sample
241115-v6vlbayejm
-
MD5
a72f4506922701f357767064415c845a
-
SHA1
c26d95b6b65eaa7c1ab1300f6c1d6bd1ad0bb16c
-
SHA256
883520fe10700a49aaf93a8d0fea197c7aca4d3af10c409f4210cb0cfaed75e9
-
SHA512
0a9d31abb15bdb7ca5b1123a419988fe0c5c75ebd4b54420a8e9c2d84d997880110a82469c66b0599ccf2e1db57dc9294b0b71a6ebb03b9ef570bbcc1d8b17d5
-
SSDEEP
12288:MCmPDbtgglk3nYsDe48pPGm/5NoTsTdeb5JlOap2ax:yPntggYnLqeg5NHQbeax
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
Compra_600000376.exe
-
Size
649KB
-
MD5
63abd958f823c530adf43b1bb352682b
-
SHA1
1c1e62524bab0ae93b5cacc96c6131d7ae807668
-
SHA256
78ba167393b90253983058b4b3456dc65d3bb07d10bc61c70e5b4f5d5d43ad96
-
SHA512
20e39b473d83aa25c2cb420f73577b49ea11569833315051bcab140e51b7a01ca749b33c33bbae797e5dfb5c8d549e6204f49a8b2c3983bb3dba9b7e1b5201db
-
SSDEEP
12288:POv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPifUcTb1x7uA/bJUkpaY1:Pq5TfcdHj4fmbsUmO8JUO1
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-