General
Target: 759297f80394a9a8679bd3e27952253ddb50cec04cc4f44b054e07e1b24d1492
Size: 1.0MB
Sample: 240629-bdjhssxbjc
MD5: 4d2584b647d3d31215cd9a17a9114f1c
SHA1: 8c2312cc0f141230f86ac06abe91e63b8be723da
SHA256: 759297f80394a9a8679bd3e27952253ddb50cec04cc4f44b054e07e1b24d1492
SHA512: d6c297c38277fc4173dd6d02bf7905dd544031b7f5e53c101246066ae6f1c5ffe019364876ef87a808f2f8c8732caa840e59afd762c1affd130fe24e1545ff8c
SSDEEP: 24576:2AHnh+eWsN3skA4RV1Hom2KXMmHaquf0+hsUzNOxh5:Rh+ZkldoPK8YaqufTA
Static task: static1
Behavioral task: behavioral1
  Sample: 759297f80394a9a8679bd3e27952253ddb50cec04cc4f44b054e07e1b24d1492.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 759297f80394a9a8679bd3e27952253ddb50cec04cc4f44b054e07e1b24d1492.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.solucionesmexico.mx
Port: 21
Username: [email protected]
Password: dGG^ZYIxX5!B
Targets
Target: 759297f80394a9a8679bd3e27952253ddb50cec04cc4f44b054e07e1b24d1492
Size: 1.0MB
MD5: 4d2584b647d3d31215cd9a17a9114f1c
SHA1: 8c2312cc0f141230f86ac06abe91e63b8be723da
SHA256: 759297f80394a9a8679bd3e27952253ddb50cec04cc4f44b054e07e1b24d1492
SHA512: d6c297c38277fc4173dd6d02bf7905dd544031b7f5e53c101246066ae6f1c5ffe019364876ef87a808f2f8c8732caa840e59afd762c1affd130fe24e1545ff8c
SSDEEP: 24576:2AHnh+eWsN3skA4RV1Hom2KXMmHaquf0+hsUzNOxh5:Rh+ZkldoPK8YaqufTA
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext