General
- Target: 30062025_1836_Nuovo Ordine 0020994009590969607099.exe.iso
- Size: 1.2MB
- Sample: 250630-w8w3laaj9w
- MD5: b99d8cd97329a2605ee34165f7280ce6
- SHA1: aa92d1529526708a6e93d12a5ab8e06981a07f34
- SHA256: 1b9b82a21f9b18a8eb1161baa23110ebf8cdce006b96c8792076be6266419155
- SHA512: b161e3b29bf45f7abce993b3598011b6f03690f68a88a42cd637eac3c404e60868b36a91db46a554afdb35f7b88a521e6f4e294bac4ef3b86e271a5911a0ef39
- SSDEEP: 12288:bMwC2L2cvCJqhDsyPQPUFqxBs1DNy82MvQ/0HN5j6SvVZ:bMwC2LXVgMwns1Jy8hvQl8Z
Static task: static1

Malware Config

Extracted
- Protocol: ftp
- Host: ftp.concaribe.com
- Port: 21
- Username: [email protected]
- Password: ro}UWgz#!38E

Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://ftp.concaribe.com
- Port: 21
- Username: [email protected]
- Password: ro}UWgz#!38E
Targets
- Target: Nuovo Ordine 0020994009590969607099.exe
- Size: 647KB
- MD5: 1d48a375ce7c75376eab3198252208fc
- SHA1: d6d238182fc1a215a67d16393e5e59a082b53cd9
- SHA256: 2d681f77a01e0e7c148103ac4f081fae79fdbb4de8761a519e87cde85e338720
- SHA512: 2e9911390026aa27c30fe6bfa725296d0fd7d8b711b84cbdba2d117ddf563d29c5e14c66537ea987089931f2d981ba5a1327aa29a10c3221ad5378708b0d9602
- SSDEEP: 12288:EMwC2L2cvCJqhDsyPQPUFqxBs1DNy82MvQ/0HN5j6SvVZ8:EMwC2LXVgMwns1Jy8hvQl8Z8
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger