General
-
Target
69a34f1442f8ec45032cc2b6a830ab9b3f95d4059f117c3d0a2b647ebcf891c5
-
Size
913KB
-
Sample
250115-beb54svpgy
-
MD5
9de3dc56481130839189ba3463a6de22
-
SHA1
4b6689b422e23dd0b9a507f69f49a4a45b296fc2
-
SHA256
69a34f1442f8ec45032cc2b6a830ab9b3f95d4059f117c3d0a2b647ebcf891c5
-
SHA512
5b6df4f879cc09c612d43475ea408af12b51ad4a459dbc9c9f85cedac01151214a9a576412c4d75424fbdffaf0b9aa44ce6ae6a429f8923c0031ce90b70a644e
-
SSDEEP
24576:1AWaTrRyfk4XYoJ+nwH/Tjvnz4qsATGICS8IZpkuk3YUPA:1BHXfTjvz4KGAUsUPA
Behavioral task
behavioral1
Sample
DHL ESTADO DE CUENTA - 7664557687757..exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: [email protected]
Password: (=8fPSH$KO_!
Targets
-
-
Target
DHL ESTADO DE CUENTA - 7664557687757..exe
-
Size
938KB
-
MD5
6093303017b7a7bc7da70d82eadcc1e5
-
SHA1
0a54dafcf21e908658db8c968ac144200462f404
-
SHA256
ca48eb6ba51153c4b0674da66234a5925daaf036a8b20a7d4aacbf40619b35ed
-
SHA512
ec3ed99dc1c1b4537e36c28d325add376555b97d855a9d5280931f3834fcf42260ae37b7c51e1ca753a19ab4f016c0326abfc8a89c66454877d16989ad4fcf24
-
SSDEEP
24576:xiUmSB/o5d1ubcvq/IrcTJOf6cMPFRvwHrQMsriJxX5OM9hpy:x/mU/ohubcvq/mcTJOdiaLQfrWxpr9v
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-