General
-
Target
d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f
-
Size
1005KB
-
Sample
250124-bj2lkatpap
-
MD5
ca278d1f75ba838c94bbcd345efaeb2a
-
SHA1
799d4a14d169577b093cd940af3665aa74cd6e96
-
SHA256
d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f
-
SHA512
a3ee4b8b74b2fd1c0baa4ec4deccf6caf3348e2a250b302d7d7d2f6dc896f490e81e58159a19df9fe0b6d82e291109f9df3be79d53c8b61e5260c40d120e5cb7
-
SSDEEP
12288:3CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga8T5a2N8GdM:3Cdxte/80jYLT3U1jfsWaM5a2N85EpQ
Static task
static1
Behavioral task
behavioral1
Sample
d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f.exe
Resource
win7-20240729-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.solucionesmexico.mx - Port:
21 - Username:
[email protected] - Password:
dGG^ZYIxX5!B
Targets
-
-
Target
d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f
-
Size
1005KB
-
MD5
ca278d1f75ba838c94bbcd345efaeb2a
-
SHA1
799d4a14d169577b093cd940af3665aa74cd6e96
-
SHA256
d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f
-
SHA512
a3ee4b8b74b2fd1c0baa4ec4deccf6caf3348e2a250b302d7d7d2f6dc896f490e81e58159a19df9fe0b6d82e291109f9df3be79d53c8b61e5260c40d120e5cb7
-
SSDEEP
12288:3CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga8T5a2N8GdM:3Cdxte/80jYLT3U1jfsWaM5a2N85EpQ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-