General
-
Target
e3ffaae53b7127d22d6ca2fd83b126136437c63d422127cd309963e0c6f8e71a.exe
-
Size
1.2MB
-
Sample
240701-qznrzavcjc
-
MD5
944a0048e334fd1cf24f880bf0d17702
-
SHA1
9f5f69ba1f5c449e073a83fa0d40ea79b23cb839
-
SHA256
e3ffaae53b7127d22d6ca2fd83b126136437c63d422127cd309963e0c6f8e71a
-
SHA512
3f6bbbefad01b129c3844ad0d83ce56198e2c31c3167b4baad0a2c35e2ad2beeec03d49c7cac54ba9dd56b9993994e7b98b028bac997b77c98e7f6044999fa32
-
SSDEEP
12288:RQA22qBJWPLprpPglhopSu/6jkq/91XvWeonUAvLkr:yd1UthuWp5cl1Zee0UAvLU
Static task
static1
Behavioral task
behavioral1
Sample
e3ffaae53b7127d22d6ca2fd83b126136437c63d422127cd309963e0c6f8e71a.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
e3ffaae53b7127d22d6ca2fd83b126136437c63d422127cd309963e0c6f8e71a.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.tekserendustriyel.com - Port:
21 - Username:
[email protected] - Password:
chuzy2024@
Targets
-
-
Target
e3ffaae53b7127d22d6ca2fd83b126136437c63d422127cd309963e0c6f8e71a.exe
-
Size
1.2MB
-
MD5
944a0048e334fd1cf24f880bf0d17702
-
SHA1
9f5f69ba1f5c449e073a83fa0d40ea79b23cb839
-
SHA256
e3ffaae53b7127d22d6ca2fd83b126136437c63d422127cd309963e0c6f8e71a
-
SHA512
3f6bbbefad01b129c3844ad0d83ce56198e2c31c3167b4baad0a2c35e2ad2beeec03d49c7cac54ba9dd56b9993994e7b98b028bac997b77c98e7f6044999fa32
-
SSDEEP
12288:RQA22qBJWPLprpPglhopSu/6jkq/91XvWeonUAvLkr:yd1UthuWp5cl1Zee0UAvLU
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-