General
Target: PRE ALERT NOTICE.zip
Size: 630KB
Sample: 231212-3tsj7aega4
MD5: 56f259a2768f693e642ec56a177ad82d
SHA1: be3b12ae6374791211f0cb36130d4b23a9869795
SHA256: e13b5c76e67e9bc7d731f4a36fa0b9b15c661bac4f35f8bc92e7c61a526f4811
SHA512: ba075c1809a9c1f66638fa4587815a12abb13257b0680d6a878161bdb26272eabbb37c1e5faba4404c4acb63d8c2df9489231a34c9efaca9257fd2d4edd136cd
SSDEEP: 12288:eGC8+be6/3YOxozSso6nYMfbW39WWN3gDWH/tIfUWi2ZNRT5xaduCWz08:XCHq/Ox8o6npzpEgDE/tIfU8nMduCEB
Static task: static1
Behavioral task: behavioral1
Sample: PRE ALERT NOTICE.exe
Resource: win7-20231023-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.2sautomobile.com
Port: 587
Username: [email protected]
Password: Kenzi051008
Email To: [email protected]
Targets
Target: PRE ALERT NOTICE.exe
Size: 662KB
MD5: 3cfb07a2465657d8928e675dedcd9978
SHA1: c5bd7e1f89fde69af56a8305e5fac685557da92e
SHA256: b5373781057e3cc3a3e2064f57942adc17f2a3905de6c1037332dfaede7a9cba
SHA512: 77c6687b8c635e90b8c19c914d5873ee40a8105448dc96480a2a1c1fb7abcb201ad4cd0a0ae9768a696743a29b1e6d25aeed62dcc93d5d60fee858781326c88a
SSDEEP: 12288:huGo+4WpAE9y7Rxkz2Uo6hYMRbG7TyQ8WyDv3WDWHUIpUsimxVR5dx6D78cPLC+:ppAEIxyo6hplGUWyrWDEUIpUOTKD
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext