General
-
Target
cd274ae11b1d8cb63df5fc7e8140ac6bf711c3a330fd456ac14308852900ff94
-
Size
663KB
-
Sample
231212-lg175acbd4
-
MD5
9c230b31d8ab1476f5b42afe8a178d3e
-
SHA1
6f8999b9327c360604cdd98ccdc1ab81c05f6da0
-
SHA256
cd274ae11b1d8cb63df5fc7e8140ac6bf711c3a330fd456ac14308852900ff94
-
SHA512
db2e75c1988cd53902e28d81c3b12dabcf43556fe0063eff91f6fa97bc1ede0baa637f1b8797c60406749491172503da4ea737775f3035ca4ad3194c52d27b6a
-
SSDEEP
12288:Y7M+4WpAEyy7/S4E+p/0REl07O9Y0D7xZtMSp/53NO+LnrvFQjFtBT+:CpAEIXIlV9t9MI9s0nUd
Static task
static1
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@
Email To: [email protected]
Targets
-
Target
cd274ae11b1d8cb63df5fc7e8140ac6bf711c3a330fd456ac14308852900ff94
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-