General
Target: 576a8ef62a3aa573eeb32128100bba673c0c967abf51ece921781608e13fbbd0
Size: 642KB
Sample: 241120-bnxheaxbmh
MD5: d4b3f9945cf3c5dde77b59ff2a31d909
SHA1: 138d9e064e5bb1dcab05900e550062f8093d233a
SHA256: 576a8ef62a3aa573eeb32128100bba673c0c967abf51ece921781608e13fbbd0
SHA512: 6548ef0ee3ed23d43e552cd4fc30c848c90e46914198e71eb035f8ead974ce324f02a98f6fa578acff14de9b34bd89a532fd11aa1928ca4c80e2fd860488ec36
SSDEEP: 12288:zOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPivmtr0XThGhqnqoLZhrJn8vDwNDw:zq5TfcdHj4fmb0Eqnq4187D
Behavioral task: behavioral1
Sample: 576a8ef62a3aa573eeb32128100bba673c0c967abf51ece921781608e13fbbd0.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.stingatoareincendii.ro
Port: 21
Username: [email protected]
Password: 3.*RYhlG)lkA
Targets
-
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext