General
-
Target
be6b9143df8f98654c58dd4dfaa4f623991164859c8da87f8e9004199ef8a01a
-
Size
885KB
-
Sample
250123-py7ysa1rcq
-
MD5
d84ffff325be49413243ca6dd5b34a61
-
SHA1
527c554762128016b8df1f7931be8a013d97fb31
-
SHA256
be6b9143df8f98654c58dd4dfaa4f623991164859c8da87f8e9004199ef8a01a
-
SHA512
abbf890b190f2e480bb15ab88926d6aa4671dba05032e4e12080db48086898e1633ac0b6c9645d5faa6496ac9d8101ca2ee86a822bef88a461cfe60f39d83c35
-
SSDEEP
24576:z7kOqWKoqnUlxpS4JivS8KxPe8/s0JeMqD6brG+:zICK/nqIKhx7U8eMqWb3
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION#012325.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
QUOTATION#012325.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.ercolina-usa.com
Port: 21
Username: [email protected]
Password: nXe0M~WkW&nJ
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.ercolina-usa.com
Port: 21
Username: [email protected]
Password: nXe0M~WkW&nJ
Targets
-
Target
QUOTATION#012325.exe
-
Size
1.3MB
-
MD5
a57704cfeac0d1524c56b355c8877231
-
SHA1
571e572b79a2dc6e7c04efe0b6c7bb260f6272e0
-
SHA256
a9811a63013f9a7fc654c88ab730f86187ef992231b230968c6d82a1e5ae5482
-
SHA512
ecc668d977733ecbd436d5e81e5a201e7cd8aa9cd60b85b0453c3e24a3d3d80acdc1713b4904a42e52be2ca33ba1c8806cc6a704386ae6cd6f195fe1286e0fb4
-
SSDEEP
24576:KRmJkcoQricOIQxiZY1ia23X3tfuoSrDoW0en5/pYH:PJZoQrbTFZY1ia2H3tf3Q0enVpg
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET.
-
Agenttesla family
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
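The extracted FTP exfiltration config and the "Looks up external IP address via web service" signature above are the two network behaviours a defender can actually hunt for. The following is an added example, not part of this sandbox report and not code from the sample: it collapses the two extracted configs (which differ only by the `ftp://` scheme prefix) into one IOC, runs it over a constructed egress log format, and flags sources that show both behaviours. The log format, the log lines, and the list of IP-lookup services are assumptions; the report names no specific lookup service. Only the host and port are taken from the extracted config, the credentials are deliberately left out.

```python
"""
Added example (not part of the sandbox report): turn the extracted AgentTesla
FTP exfiltration config into an IOC set, run it over constructed egress log
lines, and correlate C2 contact with the external-IP lookup the report flags.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Host/port/protocol copied from the two "Extracted" blocks of the report.
# Credentials are omitted: they are not needed to detect the traffic.
EXTRACTED_CONFIGS = [
    {"protocol": "ftp", "host": "ftp.ercolina-usa.com", "port": 21},
    {"protocol": "ftp", "host": "ftp://ftp.ercolina-usa.com", "port": 21},
]

# Assumption: a generic list of public IP-lookup services. The report only
# says "a legitimate IP lookup service" and does not name one.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me",
}

# Constructed log format: "<timestamp> <src_ip> <dst_host> <dst_port> <proto>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<proto>\S+)$"
)

# Constructed sample lines (not from the report). 10.0.0.17 shows the full
# pattern: an IP lookup followed by FTP to the configured exfiltration host.
LOG_LINES = [
    "2025-01-23T10:14:02Z 10.0.0.17 api.ipify.org 443 tcp",
    "2025-01-23T10:14:05Z 10.0.0.17 ftp.ercolina-usa.com 21 tcp",
    "2025-01-23T10:15:11Z 10.0.0.23 updates.example.com 443 tcp",
    "2025-01-23T10:16:40Z 10.0.0.42 FTP.ercolina-usa.com 21 tcp",
    "not a log line",
]


def normalize_host(value):
    """Strip an optional URL scheme, case and trailing dot so both extractions compare equal."""
    value = value.strip()
    if "://" in value:
        value = urlparse(value).hostname or value
    return value.lower().rstrip(".")


def build_iocs(configs):
    """Map (host, port) -> application protocol, de-duplicating the extracted configs."""
    return {
        (normalize_host(c["host"]), int(c["port"])): c["protocol"].lower()
        for c in configs
    }


def scan_logs(lines, iocs, ip_lookup_hosts):
    """Return (src_ip, tag, dst_host) for each line that hits an IOC or an IP-lookup host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than aborting the pass
        host = normalize_host(m["dst"])
        proto = iocs.get((host, int(m["port"])))
        if proto:
            hits.append((m["src"], f"c2_{proto}", host))
        elif host in ip_lookup_hosts:
            hits.append((m["src"], "ip_lookup", host))
    return hits


def correlate(hits):
    """Group the observed tags per source host."""
    by_src = defaultdict(set)
    for src, tag, _host in hits:
        by_src[src].add(tag)
    return dict(by_src)


def high_confidence(hits):
    """Sources showing both behaviours the report describes: IP lookup plus FTP to the C2."""
    return sorted(
        src for src, tags in correlate(hits).items()
        if "ip_lookup" in tags and "c2_ftp" in tags
    )


if __name__ == "__main__":
    found = scan_logs(LOG_LINES, build_iocs(EXTRACTED_CONFIGS), IP_LOOKUP_HOSTS)
    for src, tags in sorted(correlate(found).items()):
        print(src, sorted(tags))
    print("high confidence:", high_confidence(found))
```

A bare FTP connection to the host is already worth an alert (it is the exfiltration channel in the config), but an IP lookup from the same source shortly before it matches the sequence this family performs and is the combination to escalate first. The same normalisation step is what stops the `ftp://` variant of the extracted host from producing a second, non-matching IOC.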