General
-
Target
a7b7c1c9960e99714eee908a8e5557561c65d13794c0d8c064f6811676a17128
-
Size
535KB
-
Sample
241121-bwqd3aybml
-
MD5
cc4567c9d75a773caa877465d0dba10b
-
SHA1
ef4c193bc4c1801188dcc570fc8b06d35c84d789
-
SHA256
a7b7c1c9960e99714eee908a8e5557561c65d13794c0d8c064f6811676a17128
-
SHA512
5821b62b199a01ca1e9503dbf6cfae959d93658e6b264e3dfea5ad0e8d30b9ebf554ff1f44c4485cfb30100ac569c3afa32c338b26ad8db3504c5f21fa3046ee
-
SSDEEP
12288:sC2vUzXs6YubDEBtHY1+Xl8Ft8IaubT16/O:sC2vUzc6YUDEBt4wXl0t1aubT1
Static task
static1
Behavioral task
behavioral1
Sample
Orden de Compra No. 78986756565344657.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.fosna.net - Port:
21 - Username:
[email protected] - Password:
=A+N^@~c]~#I
Targets
-
-
Target
Orden de Compra No. 78986756565344657.exe
-
Size
1020KB
-
MD5
ec54ec96f798986e11e21ae30143d86f
-
SHA1
08d5f0df9b9b930df3239dd7d3708f2657c9bf7a
-
SHA256
ee135e88c1e612f8298bbd73b83b6276e3654a1dfdbc92bfd0a58357d69ad9a3
-
SHA512
0299e4043aa6b130a75aa6b86ce268a9be6729e0daadf6fec079a76fddaa29e1bc85c9f21c0829703ef7ffa8d138f99a8bbd3c81a0fce5d84ec6588ac3095d37
-
SSDEEP
24576:ju6J33O0c+JY5UZ+XC0kGso6Faku/9ASEiGOLbnWY:tu0c++OCvkGs9Faku/KPLiiY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-