General

Target: 2b1b9a2c985b1f379fa1f6fed2a2ca8c6bf3c9e352fc4a2c27cdd5dcabaca215
Size: 603KB
Sample: 231212-kv8npabeh9
MD5: 33ffa779ac3c5f32640aed7e9cceb413
SHA1: 6b173eaba7cbf2374ef162fdefed783e69626166
SHA256: 2b1b9a2c985b1f379fa1f6fed2a2ca8c6bf3c9e352fc4a2c27cdd5dcabaca215
SHA512: cb89336554ada1ec7eedd66af81c0ba670fa1eae614ce68198168ef64056b0f6b5440b14b4d27689af73578870ff566d67d44d543b11768fe598f1c21ef7f944
SSDEEP: 12288:ZmV21dHi21hSHg/is60T0bBMkxnVvH09V7bizyGvvvOpBH:ZmVudCigA/e06NnUvfirvvv8BH
Static task: static1
Behavioral task: behavioral1
Sample: PO OAU_DECQTRFA00541·PDF.scr
Resource: win7-20231023-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: MCgD#w!TZmaka!@@
Email To: [email protected]
Targets

Target: PO OAU_DECQTRFA00541·PDF.scr
Size: 878KB
MD5: 89160b80b6c468aa1df713449fecb85a
SHA1: 8636828e03b268d1ca379e5ec2f0e202934c1d11
SHA256: 4f552d66d0f774acbf75f57ff0a41db9eaa3dfa338795f385865e4c6696713c9
SHA512: 51ade18ae3de559a539e957d8c42c65cbe95aba9c3447b9d1c27d315bba9773f46419266b2b5a4b5898d191fa8ecf4c783b4411af26b9afca3382481f2925528
SSDEEP: 24576:k+1GNss+LA5WGu4Ljs0OyC4dcwFgOy6v2cmzw6murezzzIeIII0IEzlKyskJ66UN:USsjdnseC4nmD6Ocmzw6murezzzIeIIW
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext