General
- Target: b8cc09436362f744e7ceb7fdbcbbe53b0de7741e6584b35520c9a38937b35c69
- Size: 867KB
- Sample: 250125-bsqknaykes
- MD5: 3905d8eb530a872db92e514962ce18d5
- SHA1: 4e942ecbe869a151c28c7bc0d8dbebc1e5342a98
- SHA256: b8cc09436362f744e7ceb7fdbcbbe53b0de7741e6584b35520c9a38937b35c69
- SHA512: b2587d21436c798d75afbd31664f4832c4624fd8d90c849b97dcc8c2c886c874901c348f0303c89bace0787d6030e30c28a40f813920890268b96431d48c4a59
- SSDEEP: 24576:0thEVaPqLqnIAGJDgwsOe1Vd1yZec45vUJRQlgBdL:IEVUcBAG1gwFoHsd4VULQlkL
Behavioral task
behavioral1
Sample
b8cc09436362f744e7ceb7fdbcbbe53b0de7741e6584b35520c9a38937b35c69.exe
Resource
win7-20240708-en
Malware Config
Extracted
agenttesla
- Protocol: ftp
- Host: ftp://ftp.antoniomayol.com:21
- Port: 21
- Username: [email protected]
- Password: cMhKDQUk1{;%
Targets
- Target: b8cc09436362f744e7ceb7fdbcbbe53b0de7741e6584b35520c9a38937b35c69
- Size: 867KB
- MD5: 3905d8eb530a872db92e514962ce18d5
- SHA1: 4e942ecbe869a151c28c7bc0d8dbebc1e5342a98
- SHA256: b8cc09436362f744e7ceb7fdbcbbe53b0de7741e6584b35520c9a38937b35c69
- SHA512: b2587d21436c798d75afbd31664f4832c4624fd8d90c849b97dcc8c2c886c874901c348f0303c89bace0787d6030e30c28a40f813920890268b96431d48c4a59
- SSDEEP: 24576:0thEVaPqLqnIAGJDgwsOe1Vd1yZec45vUJRQlgBdL:IEVUcBAG1gwFoHsd4VULQlkL
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext