General
Target: 63f15ad383f0e0663801dbf435c6ff7a38052f7f96d0dafce2503544807b755d
Size: 603KB
Sample: 231212-lx8xxaahgm
MD5: 82cb367bf821251415482cf79497ef10
SHA1: 3b11201b984d6de9d320e73107fefe99d9618230
SHA256: 63f15ad383f0e0663801dbf435c6ff7a38052f7f96d0dafce2503544807b755d
SHA512: 62d8c433193270195a4f950c97702936f81e4fcf6c3405e60ee51c2da4facddd6d776040103ff382cdf38c73636050161a0ccfcad0da884f2c5ffa2a3254204a
SSDEEP: 12288:vTK6r5b6GZ5KUcHikB6m+QIOFkbHZDOnzui5bDD5K0JLA1FyM3Ul0ANb:j5DZ5KUksNCFa5Dsn5H4G0UM300I
Static task: static1
Behavioral task: behavioral1
Sample: PO OAU_DECQTRFA00541·PDF.scr
Resource: win7-20231201-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: ilkbisbtwjcrlqtd
Email To: [email protected]
Targets
Target: PO OAU_DECQTRFA00541·PDF.scr
Size: 876KB
MD5: c64d5d4077c83afd1fb5164afefa3904
SHA1: 1b5e3f02f4b2c7ac2df637cb6dda698e993f36ac
SHA256: a6f58935bedd980a56d23d921321ed00423abc572b4eac98dc406fa9b65d6634
SHA512: 99b0e2cb3179d173bf42e7998c15c906d8da60684ddef4c5c0ed238e3ffacdd06d15cbc1bc5b6440d00f7bb1b82843f4c22965aa91064ad83aac16f01a9f558c
SSDEEP: 12288:lHByzTOmwhSJJwOHRiU3OWCnQOJKTt2GUIiMUth1cl7kd2qyxwJMyU:izqXhSJJ9dLUIibUU2qy0
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext