General
-
Target
orderanddrawings_pdf.exe
-
Size
1.0MB
-
Sample
241120-k84a5avgkq
-
MD5
4726039e5f4d03f6f3f9cc0cd8d423a1
-
SHA1
3dc80b737f67481eb0385b2a25058309c7a63989
-
SHA256
9970fc1f94630a822d109fd53bcb3fe1ed51bd5359007e3e4f570c0f85f3a040
-
SHA512
69487f9904d791cfe64cfeb6f7707032a843858eae747fcec5b3ca88286ce2de43e8324a9c85482c1d9353f7509ef749e7dc68775335f940e2178d8094218dd5
-
SSDEEP
24576:6tb20pkaCqT5TBWgNQ7a7Na6KD3176FE6A:nVg5tQ7a7NatDZ6C5
Static task
static1
Behavioral task
behavioral1
Sample
orderanddrawings_pdf.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.gizemetiket.com.tr
Port: 21
Username: pgizemM6
Password: giz95Ffg
Targets
-
Target
orderanddrawings_pdf.exe
-
Size
1.0MB
-
MD5
4726039e5f4d03f6f3f9cc0cd8d423a1
-
SHA1
3dc80b737f67481eb0385b2a25058309c7a63989
-
SHA256
9970fc1f94630a822d109fd53bcb3fe1ed51bd5359007e3e4f570c0f85f3a040
-
SHA512
69487f9904d791cfe64cfeb6f7707032a843858eae747fcec5b3ca88286ce2de43e8324a9c85482c1d9353f7509ef749e7dc68775335f940e2178d8094218dd5
-
SSDEEP
24576:6tb20pkaCqT5TBWgNQ7a7Na6KD3176FE6A:nVg5tQ7a7NatDZ6C5
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or Telegram; the FTP host, port and login extracted above are this sample's exfiltration channel.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state (including the instruction pointer) of a thread in another process. Seen together with a suspended child process and writes into its memory, this is the classic process hollowing pattern that AgentTesla loaders use to run the decrypted payload inside a legitimate host process.
-
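The extracted configuration and the "Looks up external IP address" signature together give a network-side hunting pattern: an external IP lookup followed by a connection to the configured FTP host from the same process. The following is an added example (not part of the sandbox report) that runs that logic over constructed egress log lines. The log format, the process names and the list of IP-lookup services (IP_LOOKUP_HOSTS) are assumptions; the report itself only says "a legitimate IP lookup service". The FTP password is deliberately left out of the indicator set because it is not needed for network hunting.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Exfiltration channel from the extracted AgentTesla configuration in the report.
EXFIL_CONFIG = {
    "protocol": "ftp",
    "host": "ftp://ftp.gizemetiket.com.tr",
    "port": 21,
    "username": "pgizemM6",
}

# Assumption: IP-lookup services commonly contacted by AgentTesla builds.
# The report does not name the service this sample used; this set is illustrative.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# Constructed egress log lines (not from the sandbox report). Assumed format:
# <timestamp> <process> <proto> <destination>:<port>
SAMPLE_LOG = """\
2024-11-20T10:01:02Z orderanddrawings_pdf.exe tcp 20.190.151.7:443
2024-11-20T10:01:05Z orderanddrawings_pdf.exe tcp api.ipify.org:80
2024-11-20T10:01:09Z orderanddrawings_pdf.exe tcp ftp.gizemetiket.com.tr:21
2024-11-20T10:02:00Z chrome.exe tcp www.example.com:443
2024-11-20T10:03:11Z backup.exe tcp ftp.internal.example:21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proc>\S+)\s+(?P<proto>\w+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)$"
)


def c2_host(config=EXFIL_CONFIG):
    """Hostname of the configured FTP URL; the config stores a URL, not a bare host."""
    parsed = urlparse(config["host"])
    return (parsed.hostname or config["host"]).lower()


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["dst"] = rec["dst"].lower()
    return rec


def classify(rec, config=EXFIL_CONFIG, lookup_hosts=IP_LOOKUP_HOSTS):
    """Return a reason for one connection record, or None if it matches no indicator."""
    if rec["dst"] == c2_host(config) and rec["port"] == config["port"]:
        return "exfil_c2"
    if rec["dst"] in lookup_hosts:
        return "ip_lookup"
    return None


def hunt(log_text, config=EXFIL_CONFIG, lookup_hosts=IP_LOOKUP_HOSTS):
    """Flag single indicator hits and, per process, the AgentTesla sequence
    'external IP lookup, then a connection to the configured FTP host'."""
    hits = []
    reasons_by_proc = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec, config, lookup_hosts)
        if reason is None:
            continue
        hits.append((rec["ts"], rec["proc"], rec["dst"], reason))
        reasons_by_proc[rec["proc"]].add(reason)
        # The combined pattern is far more specific than either hit alone.
        if reason == "exfil_c2" and "ip_lookup" in reasons_by_proc[rec["proc"]]:
            hits.append((rec["ts"], rec["proc"], rec["dst"], "agenttesla_sequence"))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(*hit)
```

The sequence rule fires only when the same process first performed an IP lookup and then reached the configured FTP host on the configured port; the unrelated internal FTP backup in the constructed log is not flagged. Treat the FTP domain as an indicator for this sample rather than as proof of who operates it: AgentTesla drop sites are frequently compromised legitimate servers.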