General
- Target: SecuriteInfo.com.Win32.PWSX-gen.24485.29113.exe
- Size: 620KB
- Sample: 231212-mchewscgc3
- MD5: 1b63b0796565a325d39153864ea2d03a
- SHA1: cd1f6c81b1707358b5c34c4428463905064d1ba1
- SHA256: 32243965a804a5a3069217191967f31bccd3f21269a6a9f75b64fabfcbf540ba
- SHA512: f34765214a4a31f41c0532ef4f7f5a518b21146fcacf4f78e76b88dcf90c3edcd31bffe5b227a55cafc931d52e1cb24fac46ddc414a979d4091277addc92247c
- SSDEEP: 12288:D3IU8S6eUdVe1UKWLRiwgz9Kpja1SQsDUHusVM3qBmE2MCWZiMvbx91uVGAglfZ:zItSAdQtWFiZWja1jsDUHuh9bi1nlf
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.24485.29113.exe
- Resource: win7-20231020-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.femhaz.hu
- Port: 587
- Username: [email protected]
- Password: 89Femhaz00!
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.femhaz.hu
- Port: 587
- Username: [email protected]
- Password: 89Femhaz00!
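The extracted configuration is the sample's exfiltration channel: Agent Tesla authenticates to the listed SMTP server with the listed account and mails the stolen data to the "Email To" address. The Python below, added here as an example and not part of the sandbox report, parses both "Extracted" blocks exactly as they are printed on this page (the "[email protected]" mailbox names are the page's own redaction and are kept verbatim) and matches the resulting host/port against egress-firewall log lines. The log line format, the source addresses and every host other than mail.femhaz.hu are constructed for the example; the report does not name the IP lookup service the sample uses.

```python
"""Turn the Agent Tesla SMTP exfiltration config above into detection input.

Added example for this report page; it is not sandbox or Tria.ge code.
The log format below is a constructed firewall-style line, not output
from the sandbox run.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Both "Extracted" blocks exactly as they are printed on this page. The
# "[email protected]" strings are the page's own redaction of the mailbox
# names and are kept verbatim rather than guessed at.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail.femhaz.hu - Port:
587 - Username:
[email protected] - Password:
89Femhaz00! - Email To:
[email protected]"""

EXTRACTED_CONFIG_NO_RECIPIENT = """Protocol: smtp- Host:
mail.femhaz.hu - Port:
587 - Username:
[email protected] - Password:
89Femhaz00!"""

# Field names the SMTP config carries in this report.
KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
KEY_RE = re.compile(r"(" + "|".join(re.escape(k) for k in KEYS) + r"):\s*")


@dataclass
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: Optional[str] = None  # absent in the second extraction


def parse_extracted_config(text: str) -> SmtpExfilConfig:
    """Parse the flattened 'Key: value - Key: value' layout.

    Values are split on the key names, not on '-', because a password
    such as '89Femhaz00!' could legitimately contain a dash; only the
    single trailing separator dash left behind after each value is removed.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    parts = KEY_RE.split(flat)          # ['', key, value, key, value, ...]
    fields = {}
    for key, raw in zip(parts[1::2], parts[2::2]):
        value = raw.strip()
        if value.endswith("-"):         # leftover " - " (or "smtp-") separator
            value = value[:-1].rstrip()
        fields[key] = value
    return SmtpExfilConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"],
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields.get("Email To"),
    )


# Constructed egress-firewall lines (not from the sandbox run). Hosts other
# than mail.femhaz.hu are placeholders; the IP lookup service this sample
# uses is not named in the report.
SAMPLE_LOGS = [
    "2023-12-12T10:41:07Z src=10.0.0.25 dst=mail.femhaz.hu dport=587 proto=tcp action=allow",
    "2023-12-12T10:41:09Z src=10.0.0.25 dst=ipcheck.example.net dport=443 proto=tcp action=allow",
    "2023-12-12T10:42:01Z src=10.0.0.31 dst=mail.femhaz.hu dport=25 proto=tcp action=allow",
    "2023-12-12T10:42:30Z src=10.0.0.40 dst=smtp.example.org dport=587 proto=tcp action=allow",
]

CONN_RE = re.compile(r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def match_connections(cfg: SmtpExfilConfig, log_lines: List[str]) -> List[Tuple[str, str]]:
    """Flag connections to the exfiltration mail server.

    Host + configured port is a high-confidence hit; the same host on another
    port is still worth a look (medium) because the operator may move the
    same mailbox between 25, 465 and 587.
    """
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if not m or m.group("dst").lower() != cfg.host.lower():
            continue
        severity = "high" if int(m.group("dport")) == cfg.port else "medium"
        hits.append((severity, line))
    return hits


if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    print(f"exfil via {cfg.protocol}://{cfg.host}:{cfg.port} as {cfg.username}")
    for severity, line in match_connections(cfg, SAMPLE_LOGS):
        print(severity, line)
```

Matching on the server name rather than on the credentials is deliberate: SMTP AUTH on port 587 normally runs inside STARTTLS, so the username and password are not visible to a network sensor, while the destination host and port are. The account itself is an attacker-controlled or compromised mailbox at the victim-facing provider, so blocking the host and reporting the account to the mail provider is the response the config calls for.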
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.24485.29113.exe
- Size: 620KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT). This build exfiltrates what it collects over SMTP, using the mail server and account in the extracted configuration above.
- Detect ZGRat V1: signature match only; no ZGRat configuration was extracted from this sample, the only extracted config is the Agent Tesla SMTP config above.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service, so treat the request as a behavioural indicator rather than a blockable IOC.
- Suspicious use of SetThreadContext: on its own this is a generic indicator; when it follows a child process created in a suspended state and memory writes into that process, it is the pattern of process hollowing or thread hijacking, so check the behavioural log for that sequence before treating the child process as benign.