General
-
Target
bca570a537a8cfdf4e43c548ec44a2059ae286e237246b22e0e0281ea9275064
-
Size
1.8MB
-
Sample
250114-ca2ewatkbz
-
MD5
bf3e09248c941fc84a803f09eb928a90
-
SHA1
e8149dba7a2c4bdae8e75c41ce0a1b6095374f82
-
SHA256
bca570a537a8cfdf4e43c548ec44a2059ae286e237246b22e0e0281ea9275064
-
SHA512
878cdbe30de997fee137cb10e86265dfdf970650a516d3e7543c639f30c086a704286a408623efda13bcbff07c992a4012455c716698d173bd136d5ebad325bd
-
SSDEEP
24576:y60kajlPLxtaV3s79WoD1DNx4aCNkEk/v1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:EkajFtspsAOx4FNkLjLoyEkmZ9Y14
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.vizzwebsolutions.com/ - Port:
21 - Username:
[email protected] - Password:
computer619
Targets
-
-
Target
bca570a537a8cfdf4e43c548ec44a2059ae286e237246b22e0e0281ea9275064
-
Size
1.8MB
-
MD5
bf3e09248c941fc84a803f09eb928a90
-
SHA1
e8149dba7a2c4bdae8e75c41ce0a1b6095374f82
-
SHA256
bca570a537a8cfdf4e43c548ec44a2059ae286e237246b22e0e0281ea9275064
-
SHA512
878cdbe30de997fee137cb10e86265dfdf970650a516d3e7543c639f30c086a704286a408623efda13bcbff07c992a4012455c716698d173bd136d5ebad325bd
-
SSDEEP
24576:y60kajlPLxtaV3s79WoD1DNx4aCNkEk/v1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:EkajFtspsAOx4FNkLjLoyEkmZ9Y14
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-