General
-
Target
ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82
-
Size
1.0MB
-
Sample
241223-bses6atjh1
-
MD5
6431d1df9cb200df2ca097335f3db551
-
SHA1
3b45b56a7b8b2da3a63d6622d4a79eb7a9af8174
-
SHA256
ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82
-
SHA512
27872010646a8fdc6a14ffdcebd066d6414ac042d77da86f111399c619cec5e9e9f4a04b1569c609ba547e1226962341457e19b99b6d7c93bf74001750aa4490
-
SSDEEP
24576:Tu6J33O0c+JY5UZ+XC0kGso6FairsBMUjSYGWY:9u0c++OCvkGs9FaiY6U7Y
Static task
static1
Behavioral task
behavioral1
Sample
ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82
-
Size
1.0MB
-
MD5
6431d1df9cb200df2ca097335f3db551
-
SHA1
3b45b56a7b8b2da3a63d6622d4a79eb7a9af8174
-
SHA256
ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82
-
SHA512
27872010646a8fdc6a14ffdcebd066d6414ac042d77da86f111399c619cec5e9e9f4a04b1569c609ba547e1226962341457e19b99b6d7c93bf74001750aa4490
-
SSDEEP
24576:Tu6J33O0c+JY5UZ+XC0kGso6FairsBMUjSYGWY:9u0c++OCvkGs9FaiY6U7Y
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-