General
-
Target
1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
-
Size
1.0MB
-
Sample
240630-bfgf8a1dmg
-
MD5
8dc74fb486d68b27282f56ad1a7de078
-
SHA1
abe5a0279e453c15f33e7fc48301e1aa4367d266
-
SHA256
1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
-
SHA512
d125ef4ca12abef43d8844c969ef109c9376d0f32e11def4a0822f3ea028d9436bc768d31d943b67dd7607a53f486488e043b9f5b1df5258e646b2e80aea0678
-
SSDEEP
24576:vAHnh+eWsN3skA4RV1Hom2KXMmHalZaFNjmSEsjv5:Sh+ZkldoPK8Yalmei
Static task
static1
Behavioral task
behavioral1
Sample
1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.fosna.net - Port:
21 - Username:
[email protected] - Password:
u;4z3V.Iir1l
Targets
-
-
Target
1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
-
Size
1.0MB
-
MD5
8dc74fb486d68b27282f56ad1a7de078
-
SHA1
abe5a0279e453c15f33e7fc48301e1aa4367d266
-
SHA256
1a9279c50b83568449cd021223a9e331bd93860f5197b35e44bca71fed640e41
-
SHA512
d125ef4ca12abef43d8844c969ef109c9376d0f32e11def4a0822f3ea028d9436bc768d31d943b67dd7607a53f486488e043b9f5b1df5258e646b2e80aea0678
-
SSDEEP
24576:vAHnh+eWsN3skA4RV1Hom2KXMmHalZaFNjmSEsjv5:Sh+ZkldoPK8Yalmei
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-