General
Target: 80b267f018ea9ecba8184ff8284abe5c3597fd857b85a539d6f2066f503f45dc
Size: 1.1MB
Sample: 240429-bmal9adh53
MD5: 42ff754a2279a346e3013cb17fe5a027
SHA1: 79aa24b996dbc854bbdfbaf909c5f391c74692d1
SHA256: 80b267f018ea9ecba8184ff8284abe5c3597fd857b85a539d6f2066f503f45dc
SHA512: fedd28723e8728bf8c530f43b2d277274a95f772e35241b71f79fe80915fb60ad4003c346aef5e799a860ef3f25c89a9ba65b3b48af548d4c0e6b597dc748b00
SSDEEP: 24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8ad9Y8JMxRr1Re8k0/NN:YTvC/MTQYxsWR7adJGr1R9/
Static task: static1
Behavioral task: behavioral1
Sample: 80b267f018ea9ecba8184ff8284abe5c3597fd857b85a539d6f2066f503f45dc.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 80b267f018ea9ecba8184ff8284abe5c3597fd857b85a539d6f2066f503f45dc.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
Protocol: smtp
Host: mail.deeptrans.com.tr
Port: 587
Username: lojistik@deeptrans.com.tr
Password: 59ace821A
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Adds Run key to start application
- Suspicious use of SetThreadContext