General
Target: 21012025_0012_20012025_Orden 548850-30-AG24.GZ
Size: 744KB
Sample: 250121-ahdbxawpbk
MD5: 66b5d40224e4efefb537a0b1504237d6
SHA1: da2c4b099e963ece1cc78af2c94cd2209f3bb78e
SHA256: ced36d47dee074eb7500bd9e687fa357fb2077df908cf0ca017660aa94cbedf6
SHA512: f83899284ffd83b8d9bec64f03cafe3d22727374d9e197bb684fd5bc7914d1e3423fc5202c999834342f5e756eaf07550ac73a833049eaf82b8c952b1186ecd7
SSDEEP: 12288:3HmV/54cNmO8sK1L8xqR4Ax8qP+hez5zNftKpFJ/C/TbX69zTChCgZAC:3GVGcNeL1L8kRHxx+ol8/YX6ZTavZAC
Behavioral task: behavioral1
Sample: Orden 548850-30-AG24.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.stingatoareincendii.ro
Port: 21
Username: [email protected]
Password: 3.*RYhlG)lkA
Targets
Target: Orden 548850-30-AG24.exe
Size: 832KB
MD5: 34681d3c8eddebad6a474bd7d94a8c97
SHA1: 15f4ea1f1ff6b7e475c5bc88539ee3cf54131daf
SHA256: 12d0881c536038fde2a0a2a7e74fe7a4e047bd17713b5865e33561326032b529
SHA512: 1a49261ac51b33c1732da142a65721f5da6d413e0cb6dd55dcd27b1e503bd55407a576120cffeb504e5cac71885cd83944c0e2d44fc88a37a1f2e8445ceceb84
SSDEEP: 12288:46Wq4aaE6KwyF5L0Y2D1PqLE6KycFfoaBIwQf2xaFsILaiXtxWyGTv7xvp:OthEVaPqLE6jce+IwW9yILpdxDi7dp
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer. This sample reports to the FTP server in the extracted config above, so the host, username and password there are the exfiltration channel to block and to hunt for in proxy and firewall logs.

Agenttesla family

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes this address in the victim reports it uploads, so the lookup on its own is weak evidence and only matters in combination with the signatures above.

AutoIT Executable
AutoIT scripts compiled to PE executables. Here the AutoIt binary is the outer layer; together with the SetThreadContext signature below, this matches the common pattern of an AutoIt loader that decodes the Agent Tesla payload and injects it into another process.

Suspicious use of SetThreadContext
SetThreadContext rewrites the saved register state of another thread. Its suspicious use is process hollowing: create a legitimate process with CREATE_SUSPENDED, unmap or overwrite its image and write the payload with WriteProcessMemory, point the suspended thread at the payload's entry point (the entry-point register of the start-up context, EAX on x86 or RCX on x64, or the instruction pointer directly), then ResumeThread. Debuggers and some runtimes call SetThreadContext legitimately, so treat the call as an indicator only when it follows a suspended create and a cross-process memory write against the same target process.
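The sequence behind the SetThreadContext signature, as an added detection example that is not part of the sandbox report: a Python function walks an API-call trace and raises an alert only when a single process performs a suspended CreateProcess, a WriteProcessMemory, a SetThreadContext and a ResumeThread against the same child, in that order. The trace format (one call per line, "pid api key=value ..."), the PIDs and the hollowed image name are constructed for this example; a lone SetThreadContext, as a debugger would issue, is deliberately not flagged.

```python
"""Flag process-hollowing style use of SetThreadContext in an API-call trace.

Constructed trace format: "<pid> <api> key=value key=value ...", one call per line.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess

# Stages of the classic hollowing sequence, in the order they must occur.
STAGES = ("suspended_create", "write_memory", "set_context", "resume")

# APIs that advance the sequence once a suspended child exists.
STAGE_OF_API = {
    "WriteProcessMemory": "write_memory",
    "SetThreadContext": "set_context",
    "Wow64SetThreadContext": "set_context",
    "ResumeThread": "resume",
}

# Constructed sample trace: PID 1234 hollows a suspended child; PID 4321 only
# sets a thread context on a normally created child (debugger-like, benign).
SAMPLE_TRACE = """\
1234 CreateProcessW image=C:\\Windows\\System32\\RegSvcs.exe flags=0x4 child_pid=5678
1234 NtUnmapViewOfSection target_pid=5678
1234 VirtualAllocEx target_pid=5678 size=0x40000
1234 WriteProcessMemory target_pid=5678 size=0x3a000
1234 SetThreadContext target_pid=5678
1234 ResumeThread target_pid=5678
4321 CreateProcessW image=C:\\Tools\\child.exe flags=0x0 child_pid=8765
4321 SetThreadContext target_pid=8765
4321 ResumeThread target_pid=8765
"""


@dataclass
class InjectionState:
    image: str
    reached: list = field(default_factory=list)  # stages seen so far, in order


def parse_line(line):
    """Split 'pid api k=v k=v' into (pid, api, {k: v}); tokens without '=' are ignored."""
    parts = line.split()
    pid, api = int(parts[0]), parts[1]
    args = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return pid, api, args


def advance(state, stage):
    """Record a stage only if it is the next expected one; out-of-order calls are ignored.

    Returns True when the full sequence has been observed.
    """
    done = len(state.reached)
    if done < len(STAGES) and stage == STAGES[done]:
        state.reached.append(stage)
    return len(state.reached) == len(STAGES)


def detect_hollowing(trace):
    """Return one alert per (injector, target) pair that completes the hollowing sequence."""
    alerts = []
    states = {}  # (injector_pid, target_pid) -> InjectionState
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        pid, api, args = parse_line(raw)
        if api.startswith("CreateProcess"):
            flags = int(args.get("flags", "0"), 16)
            child = int(args["child_pid"])
            if flags & CREATE_SUSPENDED:
                st = InjectionState(image=args.get("image", "?"))
                st.reached.append("suspended_create")
                states[(pid, child)] = st
            continue
        target = int(args.get("target_pid", -1))
        st = states.get((pid, target))
        if st is None:
            continue  # no suspended child from this pid: SetThreadContext alone is not enough
        stage = STAGE_OF_API.get(api)
        if stage and advance(st, stage):
            alerts.append({"injector_pid": pid, "target_pid": target,
                           "image": st.image, "sequence": list(st.reached)})
            del states[(pid, target)]
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {alert['injector_pid']} -> "
              f"pid {alert['target_pid']} ({alert['image']})")
```

The rule keys on the pair of injector and target PIDs rather than on SetThreadContext by itself, which is what turns the sandbox's "suspicious use" into something a practitioner can run over EDR or sandbox API traces without alerting on every debugger attach.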