General
Target: fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
Size: 223KB
Sample: 240701-bc1qpa1eja
MD5: 4a49a8abf60ecb81fc23e6d1ed35a42e
SHA1: d6836688b3806af42f3ee1dc88b9479c84fed49b
SHA256: fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
SHA512: 988d6cb2045301523a923fc0e58c63d3e522fd59b1631c422cd48acadafd024069eb237f0ebb180a075897142a1ce3f81eb8816953c00e11f72260d0b111a591
SSDEEP: 3072:/oTa9jqHiBVyfqpl656wNLamMcnDAxRCzSpCTVtRGFuSSMWfYjTc:/oTaB7BV2cl6nWmtQp0TVlSc
Static task: static1
Behavioral task: behavioral1
  Sample: fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.antoniomayol.com
Port: 21
Username: [email protected]
Password: cMhKDQUk1{;%
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.antoniomayol.com:21
Port: 21
Username: [email protected]
Password: cMhKDQUk1{;%
Targets
Target: fc19a2a39649706f91b565b3514a0a908551b7702c6a99423972c526a3d9eb4b
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext