General
-
Target
d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
-
Size
481KB
-
Sample
240630-bc6a6svbmj
-
MD5
1304062712eb3b4a6b57788c3b9ba038
-
SHA1
f17492069cf3ecb5fd04eb17e97dca33ea994989
-
SHA256
d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
-
SHA512
55b2b126937413292508d47f56e27d26124c8c1cf79da92eb024aa0f8557a35e28e791079cc904ef2c8b46d5c73104593054c67ceb54a09a16f6171be8047440
-
SSDEEP
12288:LH6UjejvWv8DqvVpKSrtV5ZI4UN2MBFI:LaUj0Wv8DsmSrt99d
Static task
static1
Behavioral task
behavioral1
Sample
d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.code-jet.com - Port:
21 - Username:
[email protected] - Password:
F$T3)1@zYr&V
Targets
-
-
Target
d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
-
Size
481KB
-
MD5
1304062712eb3b4a6b57788c3b9ba038
-
SHA1
f17492069cf3ecb5fd04eb17e97dca33ea994989
-
SHA256
d743b898fae4703c90255dbe19cfee6c2c5cbe7bde2eb6fc6c6d3fd4a06af644
-
SHA512
55b2b126937413292508d47f56e27d26124c8c1cf79da92eb024aa0f8557a35e28e791079cc904ef2c8b46d5c73104593054c67ceb54a09a16f6171be8047440
-
SSDEEP
12288:LH6UjejvWv8DqvVpKSrtV5ZI4UN2MBFI:LaUj0Wv8DsmSrt99d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-