General
Target: c9419c54ba69be9044c943aa4064187bb1488d17f6ce95c76026519f0c9b6985.uue
Size: 562KB
Sample: 240629-b6t51a1emp
MD5: e36455e4ad38092f65cdfa1919826d6a
SHA1: d3d1ae0aec731f6a1f5de97091bdc66ced037e59
SHA256: c9419c54ba69be9044c943aa4064187bb1488d17f6ce95c76026519f0c9b6985
SHA512: b4f4f9bc829afe5014a5855335b7e948af44d408ae4fd6927ac444a166c2afde7936eba72def8b0e3207559aa250340c669f1b6cd5098288dbbe16dd586a543a
SSDEEP: 12288:5V1dlD6k/2kYw9qXGHORH65cCPXjwJPLPZTmPib+JC46ibR0usiaT:5VrgE2cDHZcssJP9ToZ2ibR0uqT
Static task: static1
Behavioral task: behavioral1
  Sample: Factura 422934 pago bbva swift.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: Factura 422934 pago bbva swift.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.gizemetiket.com.tr
Port: 21
Username: pgizemM6
Password: giz95Ffg
Targets
Target: Factura 422934 pago bbva swift.exe
Size: 1.0MB
MD5: ed9f49416a518a5e9d16ce233245ccc0
SHA1: 6db3b33a370a7bf3398d2032d913cae701ab4b5f
SHA256: adcaadb9fbc4c4abb883745995a4982fdc1e6b7737b10abe271d3f1d47384dac
SHA512: aeb49191432fddca5966a8837ceb711a2eed11609b92cee098215d01acf07296dfe5aba71ce5540eefe00952d1b324ac59518ab3b3eaea8e542165259a34341e
SSDEEP: 24576:IAHnh+eWsN3skA4RV1Hom2KXMmHahKFXF8XIapQ5+5:Ph+ZkldoPK8YahKFXF84QH
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext