General
-
Target
4269ba98d7b441fc6bf599896599cc07fa42627b2243eac3859de1e175f65969.exe
-
Size
539KB
-
Sample
241226-dw319svrgs
-
MD5
c97126c4ebd59d76fe67b466badc163c
-
SHA1
4fbafeab6572e5b226078f0f117836afe6aedec8
-
SHA256
4269ba98d7b441fc6bf599896599cc07fa42627b2243eac3859de1e175f65969
-
SHA512
3e1168e28403add26cb205a83ba04204991ec20d1996e81570bd018efcd04fe0fc95202d315eabc24a6d0f697d59c100d9b12a8d1967c048820de9dd4cdc9a99
-
SSDEEP
12288:LquErHF6xC9D6DmR1J98w4oknqOOCyQfDp0ZOJovZNf9t7E:Srl6kD68JmlotQfaZz7f7E
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
4269ba98d7b441fc6bf599896599cc07fa42627b2243eac3859de1e175f65969.exe
-
Size
539KB
-
MD5
c97126c4ebd59d76fe67b466badc163c
-
SHA1
4fbafeab6572e5b226078f0f117836afe6aedec8
-
SHA256
4269ba98d7b441fc6bf599896599cc07fa42627b2243eac3859de1e175f65969
-
SHA512
3e1168e28403add26cb205a83ba04204991ec20d1996e81570bd018efcd04fe0fc95202d315eabc24a6d0f697d59c100d9b12a8d1967c048820de9dd4cdc9a99
-
SSDEEP
12288:LquErHF6xC9D6DmR1J98w4oknqOOCyQfDp0ZOJovZNf9t7E:Srl6kD68JmlotQfaZz7f7E
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-