General
Target: 353b198fd8d2e59e165cddc26144637bc148f18619e8f254b6d4f6aebb0d180b
Size: 636KB
Sample: 240702-bfzyka1brd
MD5: 5b2da97f8fb3325ea38c9345a57ab942
SHA1: 62ef5c9093fc28c4bcecc1485a6aa3af42754a6d
SHA256: 353b198fd8d2e59e165cddc26144637bc148f18619e8f254b6d4f6aebb0d180b
SHA512: 7ca077a1cb0b15ede10e76f2a31b4165e3e316cb28eac821c18c95d139b79c2d5e05e72bea77c571c56f7f32e840bba77a60b3781d4eac3833528e37985a36ba
SSDEEP: 12288:QIhg6lRPMMIE+0fapbS80dpGE4DQAkvDLPimSzdIr21nAbs6suO6LaAgqqKOy:CIRuuAb6sE49MzdStAb13dgqPO
Static task: static1
Behavioral task: behavioral1
Sample: 353b198fd8d2e59e165cddc26144637bc148f18619e8f254b6d4f6aebb0d180b.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 353b198fd8d2e59e165cddc26144637bc148f18619e8f254b6d4f6aebb0d180b.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://backup.smartape.ru
Port: 21
Username: user894492
Password: w6NZOdcSkH1a
Extracted
Protocol: ftp
Host: backup.smartape.ru
Port: 21
Username: user894492
Password: w6NZOdcSkH1a
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext