General
-
Target
1e6a8f176a0d7a9bd0321b4c032153f48b244be1584137453bf1afc07ea10157.exe
-
Size
601KB
-
Sample
250111-czz84szjb1
-
MD5
79129cf9382f91ab74a895cd2c5a0c7f
-
SHA1
e1590b1a5ab3212dd35732affffb68236a2ca8b2
-
SHA256
1e6a8f176a0d7a9bd0321b4c032153f48b244be1584137453bf1afc07ea10157
-
SHA512
27a07feaa25f9aef7e62292a92197ffcc33a98200b21c26227afe6d0ffb658257846257321828afd332dfe360713c45462c2c65f940331cb9a33c581111e2807
-
SSDEEP
12288:0YV6MorX7qzuC3QHO9FQVHPF51jgckYY8bj8LfBmQdGFjZUBdYay3X8F:zBXu9HGaVHjY8n8LeWdzy3c
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.antoniomayol.com:21 - Port:
21 - Username:
[email protected] - Password:
cMhKDQUk1{;%
Targets
-
-
Target
1e6a8f176a0d7a9bd0321b4c032153f48b244be1584137453bf1afc07ea10157.exe
-
Size
601KB
-
MD5
79129cf9382f91ab74a895cd2c5a0c7f
-
SHA1
e1590b1a5ab3212dd35732affffb68236a2ca8b2
-
SHA256
1e6a8f176a0d7a9bd0321b4c032153f48b244be1584137453bf1afc07ea10157
-
SHA512
27a07feaa25f9aef7e62292a92197ffcc33a98200b21c26227afe6d0ffb658257846257321828afd332dfe360713c45462c2c65f940331cb9a33c581111e2807
-
SSDEEP
12288:0YV6MorX7qzuC3QHO9FQVHPF51jgckYY8bj8LfBmQdGFjZUBdYay3X8F:zBXu9HGaVHjY8n8LeWdzy3c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-