General

Target: 52cbe65053cb32522f4da82fd1d94df0201ab9a4fe11998a19b58ef1f09f13de
Size: 568KB
Sample: 240621-b5r91szajr
MD5: 42da88f4f51f0e18912f161025d91406
SHA1: e11f2fcb9c97933fb9fff2ec32d9b7acf695920c
SHA256: 52cbe65053cb32522f4da82fd1d94df0201ab9a4fe11998a19b58ef1f09f13de
SHA512: f52e9e4b4085b1990e14b0a20a6270c24532c6ac0567fb598cdbf80ef4ee36ecab2d4f728844ba86231819b7db546dd07799a79715807323a3c07131990a54af
SSDEEP: 12288:QU4daTDD2uBKXQJC4EzpWm5jGMw8RgFRZdfknn:Q0+ugAU4ENWmpGiRgFJf
Static task: static1

Behavioral task: behavioral1
  Sample: Documents.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: Documents.exe
  Resource: win10v2004-20240611-en
Malware Config

Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://files.000webhost.com
  Port: 21
  Username: tain00
  Password: computer@2020

Extracted
  Protocol: ftp
  Host: files.000webhost.com
  Port: 21
  Username: tain00
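The extracted config is the attacker's FTP drop account, which makes it directly usable as a hunting indicator. The script below is an added example written for this report (it is not the sandbox's own tooling): it parses the flattened "Protocol: ftp- Host: ..." text as printed above, recomputes the digests so a downloaded file can be checked against the reported MD5/SHA1/SHA256, and scans connection logs for contact with the drop server. The indicator values are copied from the report; the log lines and their key=value format are constructed for the example. One caveat is built in: files.000webhost.com is a shared free-hosting endpoint that legitimate users also reach, so a match on host and port alone is only medium confidence, and the FTP username tain00 is what raises it to high.

```python
"""Turn the extracted Agent Tesla FTP config above into checks an analyst can run.

Added example written for this report; it is not the sandbox's own tooling.
Indicator values are copied from the report; the log lines and their key=value
format are constructed for the example.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Digests of the outer sample, copied from the report above.
REPORT_HASHES = {
    "md5": "42da88f4f51f0e18912f161025d91406",
    "sha1": "e11f2fcb9c97933fb9fff2ec32d9b7acf695920c",
    "sha256": "52cbe65053cb32522f4da82fd1d94df0201ab9a4fe11998a19b58ef1f09f13de",
}

# The flattened config string exactly as the page prints it (note "ftp- Host").
RAW_CONFIG = (
    "Protocol: ftp- Host: ftp://files.000webhost.com - Port: 21 "
    "- Username: tain00 - Password: computer@2020"
)

# Constructed connection log in an assumed key=value format (not real traffic).
SAMPLE_LOG = [
    "2024-06-21T09:15:02Z src=WS-042 proto=tcp dst=files.000webhost.com dport=21 ftp_user=tain00",
    "2024-06-21T09:15:40Z src=WS-042 proto=tcp dst=update.example.com dport=443",
    "2024-06-21T09:16:05Z src=WS-017 proto=tcp dst=files.000webhost.com dport=21 ftp_user=webmaster",
    "2024-06-21T09:17:11Z src=WS-017 proto=tcp dst=files.000webhost.com dport=443",
]


@dataclass
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: Optional[str] = None


def parse_config(raw: str) -> ExfilConfig:
    """Split 'Key: value - Key: value' text into fields.

    Tolerates the page's 'ftp- Host' (no space before the dash) and a missing
    Password field, as in the second extraction on the page.
    """
    fields: Dict[str, str] = {}
    for m in re.finditer(r"(\w+):\s*(.*?)\s*(?:-\s+(?=\w+:)|$)", raw):
        fields[m.group(1).lower()] = m.group(2)
    # Normalise "ftp://host" and bare "host" to the same value.
    host = re.sub(r"^[a-z]+://", "", fields["host"], flags=re.IGNORECASE)
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=host.lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields.get("password"),
    )


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Recompute each digest over data and compare with the reported value."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest.lower()
        for algo, digest in expected.items()
    }


def _kv(line: str) -> Dict[str, str]:
    """Parse the assumed key=value log format; the timestamp carries no '='."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_logs(cfg: ExfilConfig, lines: List[str]) -> List[Tuple[int, str]]:
    """Return (index, confidence) for lines that touch the exfiltration server.

    Host and port alone are only 'medium' because the drop host is shared
    free hosting; the attacker's FTP username raises a hit to 'high'.
    """
    hits: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        f = _kv(line)
        if f.get("dst", "").lower() != cfg.host or int(f.get("dport", -1)) != cfg.port:
            continue
        hits.append((i, "high" if f.get("ftp_user") == cfg.username else "medium"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for idx, confidence in match_logs(cfg, SAMPLE_LOG):
        print(f"[{confidence}] {SAMPLE_LOG[idx]}")
```

To check a file you pulled from the sandbox, read it as bytes and pass it with REPORT_HASHES to verify_hashes; any False means you have a different file (for example the inner Documents.exe rather than the outer sample, whose digests are listed separately under Targets).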
Targets

Target: Documents.exe
Size: 517KB
MD5: 154d0832533e203c04a41d1a49a0240f
SHA1: cf0ce73cf84fb5f9dba3fc9b89a98a3fa1b581e6
SHA256: bfc34d1697120f4c9670b022313ff1a82a5d567a87ec6a097cf1fae2336c77c3
SHA512: cb7175d6d4a545a54890adbf3493b42cb6c10441b221a09218d5f67bf9ac10623e71dbb3f87c78ea7a7171c6ec1283f61a142336ba3e4556d66ef867475229aa
SSDEEP: 12288:qU4daTDD2uBKXQJC4EzpWm5jGMw8RgFRZdfknn:q0+ugAU4ENWmpGiRgFJf
Signatures

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted config above is an FTP account rather than a command-and-control address.

PureLog Stealer payload
A second stealer family the sandbox identified in the sample alongside Agent Tesla.

Adds Run key to start application
Persistence through a Run key in the registry, so the payload is relaunched at user logon.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the typical final step of process hollowing or similar injection into a suspended process, and is the likely way the 568KB outer sample hands control to the 517KB Documents.exe payload listed under Targets.