General
-
Target
payment information.exe
-
Size
662KB
-
Sample
231212-rwk3cagca2
-
MD5
601faa896b9ddbf2e26564f88e5f2280
-
SHA1
fc542a95d91dcd6c7ec461e1796b49167bf3a8f9
-
SHA256
f24a13886b4f210691bf73566963618b370ca0781cf65cb212cafb13e12060ff
-
SHA512
7bcf72a99a6c4f2044c09866211bf489dea9a3c628f63db3eddea23b08516fbf7434c852daa1d22e8fd4e0bfcd621dfe1991285f91477780bcb6ddabcb48324c
-
SSDEEP
12288:njobG+4WpAEvyQvEsTLEzOC0lamfm1cjZxdDWDCzklbpe+f2+:spAEosfE8amfm2jZxdDQDHe
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
MAIL.starmech.in - Port:
587 - Username:
[email protected] - Password:
gaging@2022 - Email To:
[email protected]
Targets
-
-
Target
payment information.exe
-
Size
662KB
-
MD5
601faa896b9ddbf2e26564f88e5f2280
-
SHA1
fc542a95d91dcd6c7ec461e1796b49167bf3a8f9
-
SHA256
f24a13886b4f210691bf73566963618b370ca0781cf65cb212cafb13e12060ff
-
SHA512
7bcf72a99a6c4f2044c09866211bf489dea9a3c628f63db3eddea23b08516fbf7434c852daa1d22e8fd4e0bfcd621dfe1991285f91477780bcb6ddabcb48324c
-
SSDEEP
12288:njobG+4WpAEvyQvEsTLEzOC0lamfm1cjZxdDWDCzklbpe+f2+:spAEosfE8amfm2jZxdDQDHe
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Suspicious use of SetThreadContext
-