General
Target: e5b6cda78a342ea9f8f9f62853995a251ef13ce90dbd18a80195f460852a94e6
Size: 858KB
Sample: 250109-bh19eatpdr
MD5: 5625cbf471e51e71ede214a1236ca612
SHA1: d07a68d0d95ad9855d096e3e8ea680e31afd7e7f
SHA256: e5b6cda78a342ea9f8f9f62853995a251ef13ce90dbd18a80195f460852a94e6
SHA512: 2fe51828e092723dad0add4601c01279478c34af3cdee530bc03005ef912e8e438b584b45cbdb7b6682d4a14b801267835f65f4b4b1edf477093fbf11ea4d090
SSDEEP: 24576:5iUmSB/o5d1ubcvi0X6qMhXRqOyzrNMZBZT:5/mU/ohubcvi9xXk1zpMZB
Behavioral task
behavioral1
Sample: e5b6cda78a342ea9f8f9f62853995a251ef13ce90dbd18a80195f460852a94e6.exe
Resource: win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: (=8fPSH$KO_!
Targets
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext