General
-
Target
Documenti di spedizione.exe
-
Size
617KB
-
Sample
250120-jh4crsypfm
-
MD5
79cb40033e328f61fe68bd76dd67a7b3
-
SHA1
a68854ec2481fc2f874e2180dabb155e65c6fbd4
-
SHA256
255ddfdf1409d89110925cfa93ba323d1a68b6c0916764169eeea521867816a6
-
SHA512
7ef13f9f7e75c865a7c8140b9c615687e04cc1e46076de75a963952dff2d000576481854dce0e98cde8db9ee9c12f43cd8def9634fc7b00b09a0b95b6ca6e3cb
-
SSDEEP
12288:MDG0VKZA6BbbHyqrSXA8xvJMUzPvRQIBD7f/KYC+c8cIti62JB8PoZSBm:QKeybHyYSh1CefD7nxFTcIM62H87Bm
Malware Config
Extracted
Protocol: ftp- Host:
ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.concaribe.com - Port:
21 - Username:
[email protected] - Password:
ro}UWgz#!38E
Targets
-
-
Target
Documenti di spedizione.exe
-
Size
617KB
-
MD5
79cb40033e328f61fe68bd76dd67a7b3
-
SHA1
a68854ec2481fc2f874e2180dabb155e65c6fbd4
-
SHA256
255ddfdf1409d89110925cfa93ba323d1a68b6c0916764169eeea521867816a6
-
SHA512
7ef13f9f7e75c865a7c8140b9c615687e04cc1e46076de75a963952dff2d000576481854dce0e98cde8db9ee9c12f43cd8def9634fc7b00b09a0b95b6ca6e3cb
-
SSDEEP
12288:MDG0VKZA6BbbHyqrSXA8xvJMUzPvRQIBD7f/KYC+c8cIti62JB8PoZSBm:QKeybHyYSh1CefD7nxFTcIM62H87Bm
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-