General

Target: 4922dfc90b043eecc3261ec058d54cd527da57bcef07ba2b88a395f06e5527d2
Size: 572KB
Sample: 241120-bkcc3axjfz
MD5: 12de115ef657261dec6464d9dee00918
SHA1: 1c67fa0a612ff20a558a83f013e094b2b30541b6
SHA256: 4922dfc90b043eecc3261ec058d54cd527da57bcef07ba2b88a395f06e5527d2
SHA512: 997fe819d0c5b9518a4da53668636f126f8b0865c7bc6acec6494dc1ec50421694074eb70be1ce8b85c81af3d3592162b3eea5bc1aad1b53341f34f440f79efa
SSDEEP: 12288:pI+MDDiEuLxenld3jx6Cwud5//Y7Tw7plOxUp2Das7OilF9:tMv6onlxlwu//YYDOxUpOa2z9
Behavioral task

behavioral1
Sample: OC. 4515924646.exe
Resource: win7-20240903-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.stingatoareincendii.ro
Port: 21
Username: [email protected]
Password: 3.*RYhlG)lkA
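The extracted configuration is an FTP exfiltration channel, so the practical use of it is as a network IOC. The following is an added example, not part of the sandbox report: it turns the config above into a matcher over Zeek-style ftp.log / http.log records and correlates hosts that first query a public-IP lookup service and then push data to the configured FTP server. The log records are constructed for the example, and the list of IP-lookup hostnames is an assumption, since the report does not name the service the sample contacted.

```python
"""Match the extracted Agent Tesla FTP exfil config against FTP/HTTP log records.

Added example, not part of the sandbox report. The records below are constructed
to resemble Zeek ftp.log / http.log fields; the IP-lookup hostnames are an
assumption (the report only says a legitimate IP lookup service was used).
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Values as reported by the sandbox (username/password deliberately omitted:
# matching on server and port is enough and avoids copying credentials around).
C2_CONFIG = {
    "protocol": "ftp",
    "host": "ftp://ftp.stingatoareincendii.ro",
    "port": 21,
}

# ASSUMED: services stealers commonly use to learn the victim's public IP.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com"}


@dataclass
class FtpRecord:
    uid: str        # connection id
    src: str        # client IP
    dst_host: str   # server name as observed (simplified from id.resp_h + DNS)
    dst_port: int
    user: str       # USER command argument
    command: str    # last command seen, e.g. "STOR <file>"


@dataclass
class HttpRecord:
    uid: str
    src: str
    host: str       # HTTP Host header
    uri: str


def c2_hostname(config):
    """Bare hostname from the URL-style host field in the config."""
    return urlparse(config["host"]).hostname


def match_ftp_c2(records, config=C2_CONFIG):
    """FTP sessions to the configured exfil server on the configured port."""
    target = c2_hostname(config)
    return [
        (r.uid, r.src, r.user, r.command)
        for r in records
        if r.dst_host.lower() == target and r.dst_port == config["port"]
    ]


def match_ip_lookup(records, lookup_hosts=IP_LOOKUP_HOSTS):
    """HTTP requests whose Host header is one of the assumed IP-lookup services."""
    return [(r.uid, r.src, r.host) for r in records if r.host.lower() in lookup_hosts]


def correlate(ftp_records, http_records):
    """Clients that both looked up their external IP and uploaded to the C2 server."""
    lookup_srcs = {src for _, src, _ in match_ip_lookup(http_records)}
    exfil_srcs = {src for _, src, _, _ in match_ftp_c2(ftp_records)}
    return sorted(lookup_srcs & exfil_srcs)


# Constructed sample records (not real traffic). C3 uses the right host but a
# non-standard port, so it must not match the config as extracted.
FTP_LOG = [
    FtpRecord("C1", "10.0.0.5", "ftp.stingatoareincendii.ro", 21, "<redacted>", "STOR report.html"),
    FtpRecord("C2", "10.0.0.9", "ftp.example.net", 21, "anonymous", "RETR README"),
    FtpRecord("C3", "10.0.0.7", "FTP.STINGATOAREINCENDII.RO", 2121, "<redacted>", "STOR test"),
]
HTTP_LOG = [
    HttpRecord("H1", "10.0.0.5", "api.ipify.org", "/"),
    HttpRecord("H2", "10.0.0.9", "www.example.com", "/index.html"),
]

if __name__ == "__main__":
    print("FTP C2 hits:", match_ftp_c2(FTP_LOG))
    print("IP lookups:", match_ip_lookup(HTTP_LOG))
    print("Lookup then exfil:", correlate(FTP_LOG, HTTP_LOG))
```

Matching on the server name and port rather than on the credentials keeps the rule useful even after the operator rotates the account; the port check is deliberate because the same host on a different port is a different indicator and should be reviewed separately.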
Targets

Target: OC. 4515924646.exe
Size: 642KB
MD5: d4b3f9945cf3c5dde77b59ff2a31d909
SHA1: 138d9e064e5bb1dcab05900e550062f8093d233a
SHA256: 576a8ef62a3aa573eeb32128100bba673c0c967abf51ece921781608e13fbbd0
SHA512: 6548ef0ee3ed23d43e552cd4fc30c848c90e46914198e71eb035f8ead974ce324f02a98f6fa578acff14de9b34bd89a532fd11aa1928ca4c80e2fd860488ec36
SSDEEP: 12288:zOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPivmtr0XThGhqnqoLZhrJn8vDwNDw:zq5TfcdHj4fmb0Eqnq4187D

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

AutoIT Executable
AutoIT scripts compiled to PE executables.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process, typically one the sample itself created in a suspended state, is characteristic of process hollowing / RunPE injection: the payload is written into the child process and the thread context is rewritten so execution resumes at the injected entry point.
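The "AutoIT Executable" signature is a static property of the file, so it can be reproduced offline before detonation. The following is an added example, not part of the sandbox report or of the Triage signature set: it checks that a buffer is a PE and looks for the two markers that compiled AutoIt v3 executables carry in front of the embedded script, the 16-byte script-resource magic and the "AU3!EA06" version tag, which are the markers common community YARA rules for compiled AutoIt key on. The PE buffer is constructed in the example itself, not taken from the analysed sample.

```python
"""Static check for a compiled AutoIt v3 script inside a PE file.

Added example, not part of the sandbox report. The marker bytes are the ones
common YARA rules for compiled AutoIt use; the fake PE buffer is constructed
here so the check runs offline.
"""
import hashlib

# AutoIt3 script-resource magic followed by the "AU3!EA06" version tag.
AU3_MAGIC = bytes.fromhex("a3484bbe986c4aa9994c530a86d6487d")
AU3_VERSION_TAG = b"AU3!EA06"


def is_pe(data: bytes) -> bool:
    """True if the buffer starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_autoit_markers(data: bytes) -> dict:
    """Offsets of the two AutoIt markers (-1 when absent) plus the PE verdict."""
    magic_off = data.find(AU3_MAGIC)
    tag_off = data.find(AU3_VERSION_TAG)
    return {
        "pe": is_pe(data),
        "magic_offset": magic_off,
        "tag_offset": tag_off,
        # In compiled AutoIt the tag directly follows the magic; report it,
        # but do not require it, so a padded or repacked variant still flags.
        "tag_follows_magic": magic_off >= 0 and tag_off == magic_off + len(AU3_MAGIC),
    }


def is_compiled_autoit(data: bytes) -> bool:
    """PE file that carries both AutoIt markers somewhere in its image."""
    m = find_autoit_markers(data)
    return m["pe"] and m["magic_offset"] >= 0 and m["tag_offset"] >= 0


def digests(data: bytes) -> dict:
    """Hashes in the same forms the report lists, to tie a verdict to a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage_file(path: str) -> dict:
    """Run the check against a file on disk (e.g. the sample from the report)."""
    with open(path, "rb") as fh:
        data = fh.read()
    result = find_autoit_markers(data)
    result["compiled_autoit"] = is_compiled_autoit(data)
    result.update(digests(data))
    return result


def build_fake_sample() -> bytes:
    """CONSTRUCTED: minimal MZ/PE skeleton with the AutoIt markers appended."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40 bytes of DOS header
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> 0x40
    body = b"PE\0\0" + b"\0" * 60 + b"EXAMPLE PADDING"
    return bytes(hdr) + body + AU3_MAGIC + AU3_VERSION_TAG + b"compressed-script-bytes"


if __name__ == "__main__":
    sample = build_fake_sample()
    print(find_autoit_markers(sample), is_compiled_autoit(sample))
```

A hit only says the binary is a compiled AutoIt script, which is what the signature claims and nothing more; extracting and decompiling the embedded script (with a tool such as exe2aut or myAut2Exe) is the next step to recover the actual loader logic and the .NET Agent Tesla payload it drops.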