General
- Target: 99206e5a1375e1a71896c032f6dde854ab4aa95129f9a8b6612410a3f26a5c04
- Size: 593KB
- Sample: 241124-bkjgdawncw
- MD5: 127d0f9f21dc0480c5939673ffe480bf
- SHA1: 76e3c7c9d63bd599f247c84f0069c137bd052d34
- SHA256: 99206e5a1375e1a71896c032f6dde854ab4aa95129f9a8b6612410a3f26a5c04
- SHA512: eec53461b14df8382ed518db3d0df0031f54eba0360b92b8a4fb3df83c8d5276d41ada9214d37cb4229f261535a4b89e4f917aa7ce7cd7f140e39017ee80e9f9
- SSDEEP: 12288:jbQTh8E9aqRYHPa5LnpqS7LoKS17XBY1/dU:jbQCEgqaCbo1211U
Static task: static1
Behavioral task: behavioral1
- Sample: 99206e5a1375e1a71896c032f6dde854ab4aa95129f9a8b6612410a3f26a5c04.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 99206e5a1375e1a71896c032f6dde854ab4aa95129f9a8b6612410a3f26a5c04.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.ciftci.com.tr/
- Port: 21
- Username: [email protected]
- Password: Wefullground2#
Extracted
- Protocol: ftp
- Host: ftp.ciftci.com.tr
- Port: 21
- Username: [email protected]
- Password: Wefullground2#
Targets
- Target: 99206e5a1375e1a71896c032f6dde854ab4aa95129f9a8b6612410a3f26a5c04
- Size: 593KB
- MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext