General
Target: teambzx.exe
Size: 732KB
Sample: 230609-vkq11acf96
MD5: 336375e930359420ca9be2882d881df5
SHA1: e9aaf7533a4a88feeb820ca0f2001def95987483
SHA256: 062091e8dfcd454183cd27936fc78e170a8e52fd7229321ec40e912825e22684
SHA512: 2326d30d66b3ed62378078be4115d75eb6f56cc5eb7bed95555d2ab7573c30ca227f7dd311996af54cc09d0a6364be06733b99eff4d7494851818e641fde1b4b
SSDEEP: 12288:I/PWR28Le0cY+Yg9fb9WshiQMJrJqxO61iUQTmJTCj15USGQ/5HDIi:IH+xL9Rk9ciMZmiUdlS5Bj9DI
Static task: static1
Behavioral task: behavioral1
  Sample: teambzx.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: teambzx.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.grad-vodice.hr
Port: 587
Username: marija.bilac@grad-vodice.hr
Password: pKs9zy8Nn1
Email To: triangleshpk@skiff.com
Extracted
Protocol: smtp
Host: mail.grad-vodice.hr
Port: 587
Username: marija.bilac@grad-vodice.hr
Password: pKs9zy8Nn1
Targets
Target: teambzx.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext