General
Target: 27c1c7f46b622f6fe4a2597eba26912a7b4c8c5fc292c9f2acd8f8c56bf579fe.exe
Size: 759KB
Sample: 240705-bhjpcs1cqg
MD5: 62c99442a0f6dda3259f7038cca0dccf
SHA1: 5c403c8fd1f8bf46ee9251dfe0fd3f5004379ec0
SHA256: 27c1c7f46b622f6fe4a2597eba26912a7b4c8c5fc292c9f2acd8f8c56bf579fe
SHA512: e95448d967a7d2ef3f34ff59b163ffd8da00180b4324aaf77892c59b2c69d5117269f44c225687ffa764afe3bdd44a9f1a4fcd13c9aaf45fd79aa38d2dff1b13
SSDEEP: 12288:z78o1C1LuZjNaiCKwrs4IjZbstytYyn37lzzdlqLPHTVHKLePL:Up2+ps3bB7lPvqzRHK6L
Static task: static1
Behavioral task: behavioral1
Sample: 27c1c7f46b622f6fe4a2597eba26912a7b4c8c5fc292c9f2acd8f8c56bf579fe.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 27c1c7f46b622f6fe4a2597eba26912a7b4c8c5fc292c9f2acd8f8c56bf579fe.exe
Resource: win10v2004-20240704-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.carbognin.it
Port: 21
Username: [email protected]
Password: 59Cif8wZUH#X
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.carbognin.it
Port: 21
Username: [email protected]
Password: 59Cif8wZUH#X
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext