General
-
Target
4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
-
Size
633KB
-
Sample
240629-bfvzlszfqm
-
MD5
dc7edd2981253d70f927e5e80052fd61
-
SHA1
49c06d94cfdb5ba15baf5f376d3fde450d0300b7
-
SHA256
4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
-
SHA512
790d358025cb5fe3a6e9de43d83d0f8e2c72e5ba7a548f00fc234fd6694adb645b4ed85a70c606803261964f9cb8b5e049983e799c255a70c5f855e24c0bd32c
-
SSDEEP
12288:t9KbZRDVMz3CsTCkH1x2CyWL8UMzd6AIQs0tDXto1VS+pZIIU558SwoamVil2IO:t71THxvyWLkpqVS+oIU558SwuM
Static task
static1
Behavioral task
behavioral1
Sample
4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://inhanoi.net.vn
Port: 21
Username: [email protected]
Password: ^TSt3!FK$UBA
Targets
-
-
Target
4481478226dbd7b7fe7d62ea95982a8998bbf1f21c7cc6c68774a1f73b7ae76c
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-