General
-
Target
8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
-
Size
1.0MB
-
Sample
240630-bs6a4s1glb
-
MD5
05b4a13a3d126cdd799e10c41b4b5af0
-
SHA1
243c8b9f0200db1d70a83a62a0fb082a720c1a29
-
SHA256
8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
-
SHA512
61934004d93eeecd27583a3b29fb63d5ab2793151d09165cd7f48a430f3607eb35ca7a3793f91a285cb2e4b149a81740dd4e2003d871a14c54fdd7f82ecaf418
-
SSDEEP
24576:aAHnh+eWsN3skA4RV1Hom2KXMmHa4Cdy4PosSnZmSIv5:th+ZkldoPK8Ya4CddGnZ58
Static task
static1
Behavioral task
behavioral1
Sample
8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.antoniomayol.com:21 - Port:
21 - Username:
[email protected] - Password:
cMhKDQUk1{;%
Targets
-
-
Target
8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
-
Size
1.0MB
-
MD5
05b4a13a3d126cdd799e10c41b4b5af0
-
SHA1
243c8b9f0200db1d70a83a62a0fb082a720c1a29
-
SHA256
8d15bcc5eca4dbafc31d1ea92c4d34b86e5d30e6b4cb0da378570bdccd7242c1
-
SHA512
61934004d93eeecd27583a3b29fb63d5ab2793151d09165cd7f48a430f3607eb35ca7a3793f91a285cb2e4b149a81740dd4e2003d871a14c54fdd7f82ecaf418
-
SSDEEP
24576:aAHnh+eWsN3skA4RV1Hom2KXMmHa4Cdy4PosSnZmSIv5:th+ZkldoPK8Ya4CddGnZ58
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-