General
Target: SecuriteInfo.com.W32.AIDetectNet.01.19723.25833
Size: 635KB
Sample: 220426-fbnrysbac7
MD5: a27c8ee8b37605f3c05e4eb4d614f359
SHA1: 6a8b97217d52a752075b08207bad7d7c867a8854
SHA256: 910a6e4138cb422bf570130f05cdb463d726c0eddb2882bdc6e42fb1daace384
SHA512: 769fe817c1616f80672a63ad8a8464c26aa4374e569343df04feab22a3a1193eac5f7eee5fb3afaa94ed28792da492659c2b02220f0197c1b89641a0d7f9f536
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.W32.AIDetectNet.01.19723.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.unitelha.com
Port: 21
Username: kilop@unitelha.com
Password: Wljp?j]gQwC?
Extracted (agenttesla)
Protocol: ftp
Host: ftp://ftp.unitelha.com/
Port: 21
Username: kilop@unitelha.com
Password: Wljp?j]gQwC?
Targets
Target: SecuriteInfo.com.W32.AIDetectNet.01.19723.25833
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext