General
Target: 336f0150fdcd079305bc991b95fed2791fbe7c9298b915191ffc5b525c0e2b27
Size: 676KB
Sample: 241122-brd58sxmfl
MD5: 7e188ffbaed4c494d519de1bc9facd90
SHA1: 5676b0d48b0acd68ba5f5bdc354a8f898fc54ba7
SHA256: 336f0150fdcd079305bc991b95fed2791fbe7c9298b915191ffc5b525c0e2b27
SHA512: ba4c115ad903486ee58785f78806d0ff5a287792debb38fc588f06d131dbc31a550a3b5d8fe004c6a9e24577b93243fb6879d4bea18ca100ae1606b8c16bc477
SSDEEP: 12288:eGfF0YB8c08pH+2SjmtLiJQEv0MPbExERXyn37JPSS3LYNini:eM7F82EC4Qq0+ExERXyLImUii
Static task: static1
Behavioral task: behavioral1
Sample: packing list l kyritsis.PDF.exe
Resource: win7-20240708-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
Targets
Target: packing list l kyritsis.PDF.exe
Size: 961KB
MD5: 9b5fd736ccb7d5e254de6cc4f5af7524
SHA1: faa2846f9580383ae9800357aba29d270cb5e129
SHA256: fcfbff5d4ca24328d97ee24d502bbf08d838ccfe5e52bb9dcfe4bdda976eede2
SHA512: e0a1b51638cabf51d34f8b2018df71b22108e3cfb6754a63286750048f13fe9cdae972c77fa28df26533309939aa7044586637b7c053b3c6f67be5964612decd
SSDEEP: 24576:gtOrPOz+EzxWSsmSZCec/pkoqTe2z7ndB:Yz+iWSEZCZ/vy7nj
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext