General
-
Target
82f1400b70355ba0cff1024a37daf4e3c4137859169c219dc242116ee1f3b042
-
Size
562KB
-
Sample
241226-bgxvlasrc1
-
MD5
29c297c5ff44828eaa5b6b318cfd804c
-
SHA1
eb0c180e272454c739cd64cfb1f38e2b3f1b30d5
-
SHA256
82f1400b70355ba0cff1024a37daf4e3c4137859169c219dc242116ee1f3b042
-
SHA512
1b24be865a36140449dda7838f97d7c75c2121bb073469310b684732048f0167444bc1f86a82750642c7d6791f4e159c05e02fd305464abc9ba41d9233c00bbf
-
SSDEEP
12288:cm1dfGAxNj3KgiGp7vOjZwvrNmMNnV8uMkg5qdZM8s5ghOFU:cm1dfP7iGJOjZamMNnmf3cdPwC
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.antoniomayol.com:21 - Port:
21 - Username:
[email protected] - Password:
cMhKDQUk1{;%
Targets
-
-
Target
INVOICE-098765.exe
-
Size
651KB
-
MD5
06ef062a237dc02027b7122c821763a9
-
SHA1
0c504f1012ecc2879ec5f2f88da5bbc58e594941
-
SHA256
5e4edc7e45904e83bfd4cc542ed88145256f001b7099628b76d775fbfab0cba2
-
SHA512
5f266ae20c7dc5e6793689401b279a17920a7a553cb31d0a209caa425aa5bd6d7e1e99c01567e7de526c693dfb9769e3d3fdcc2a9afcaffb91cbc7535971c5bc
-
SSDEEP
12288:wYV6MorX7qzuC3QHO9FQVHPF51jgcbnhg7q51S8O3ghkFkw:PBXu9HGaVHbni+5/aCw
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-