General
-
Target
QUOTATION#00430.exe
-
Size
1.3MB
-
Sample
250124-saffeatmev
-
MD5
e7ab46308b583d9fa2239a3ed04e9542
-
SHA1
1afb9be479dbf4b559fd77485253bfff69200444
-
SHA256
24c0156c6d0f429c724c7b3d8dfbd803761d36e9461b4123765e136ec148b807
-
SHA512
aacdcfbca9dc9cb4eb63e68739423b144ed5543d10680dbbcd3013f44012fe28917bb1c9916ef61979efe0a63d921c664553856671847cbaf6c5b7766c3bbc05
-
SSDEEP
24576:KRmJkcoQricOIQxiZY1ia23X3tfWK49iLNICvGt2ys+Faze6su:PJZoQrbTFZY1ia2H3tfRvNzvhUFa6m
Malware Config
Extracted
Protocol: ftp- Host:
ftp.ercolina-usa.com - Port:
21 - Username:
[email protected] - Password:
nXe0M~WkW&nJ
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.ercolina-usa.com - Port:
21 - Username:
[email protected] - Password:
nXe0M~WkW&nJ
Targets
-
-
Target
QUOTATION#00430.exe
-
Size
1.3MB
-
MD5
e7ab46308b583d9fa2239a3ed04e9542
-
SHA1
1afb9be479dbf4b559fd77485253bfff69200444
-
SHA256
24c0156c6d0f429c724c7b3d8dfbd803761d36e9461b4123765e136ec148b807
-
SHA512
aacdcfbca9dc9cb4eb63e68739423b144ed5543d10680dbbcd3013f44012fe28917bb1c9916ef61979efe0a63d921c664553856671847cbaf6c5b7766c3bbc05
-
SSDEEP
24576:KRmJkcoQricOIQxiZY1ia23X3tfWK49iLNICvGt2ys+Faze6su:PJZoQrbTFZY1ia2H3tfRvNzvhUFa6m
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-