General
Target: 6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
Size: 646KB
Sample: 240629-bfwadazfqn
MD5: ae0c339413af1c890b9931d6d2fd898d
SHA1: 95db807fb800bdfee36150094e3b3d57f5caf4aa
SHA256: 6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
SHA512: fbf8bc098e8027313a60407391b1cb5e242ec94a972bdcf92333b7c4bdb8232931504bec2cbc3539fd32044873cece2f31bcfacfb943d48e382c6b623412fce4
SSDEEP: 12288:8FIsPAMIZFT3ixUrl/8OBmQQVIOg4aQwSOWpTeym3M8shn0cG:+IK/2R3iM/xBmQDl4aQaWlmm0t
Static task: static1
Behavioral task: behavioral1
  Sample: 6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://inhanoi.net.vn
Port: 21
Username: [email protected]
Password: ^TSt3!FK$UBA
Targets
Target: 6908b937d7bc9911024afbb8fa131fe03a5b93c75ec788071841086c40c6a6d3
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext