General
Target: PRE ALERT NOTICE.exe
Size: 662KB
Sample: 231212-rykjlaeeeq
MD5: 3cfb07a2465657d8928e675dedcd9978
SHA1: c5bd7e1f89fde69af56a8305e5fac685557da92e
SHA256: b5373781057e3cc3a3e2064f57942adc17f2a3905de6c1037332dfaede7a9cba
SHA512: 77c6687b8c635e90b8c19c914d5873ee40a8105448dc96480a2a1c1fb7abcb201ad4cd0a0ae9768a696743a29b1e6d25aeed62dcc93d5d60fee858781326c88a
SSDEEP: 12288:huGo+4WpAE9y7Rxkz2Uo6hYMRbG7TyQ8WyDv3WDWHUIpUsimxVR5dx6D78cPLC+:ppAEIxyo6hplGUWyrWDEUIpUOTKD
Static task: static1
Behavioral task: behavioral1
Sample: PRE ALERT NOTICE.exe
Resource: win7-20231020-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.2sautomobile.com
Port: 587
Username: [email protected]
Password: Kenzi051008
Email To: [email protected]
The same SMTP configuration was extracted a second time without the Email To field. The two mailbox addresses are masked in this copy of the report, so the host, port and protocol are the indicators that can be acted on directly: the sample sends its stolen data as e-mail through this account rather than to an HTTP C2.
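The extracted configuration says exactly what a defender should look for on the wire: a process that is not a mail client opening an SMTP submission connection, here to mail.2sautomobile.com on port 587. The following is an added detection sketch written for this report (not Triage output and not code from the sample); it runs over records shaped like Sysmon Event ID 3 (NetworkConnect) fields. The sample events are constructed, and the allow-list of mail clients is an assumption to be tuned per environment. The only indicator taken from the report is the SMTP host and port.

```python
"""Detection sketch: SMTP-port connections from processes that are not mail clients.

Added example for this report, not Triage output or AgentTesla code. Events mimic
Sysmon Event ID 3 (NetworkConnect) fields; SAMPLE_EVENTS are constructed. The only
indicator taken from the report is the extracted SMTP host and port.
"""
from __future__ import annotations

C2_HOST = "mail.2sautomobile.com"   # Host from the extracted config
C2_PORT = 587                        # Port from the extracted config

SMTP_PORTS = {25, 465, 587}          # transport and submission ports

# Processes expected to speak SMTP directly. Assumption: extend per environment
# (MTAs, monitoring agents, line-of-business apps that send mail).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe", "olk.exe"}

# Path fragments for user-writable locations; a mailer running from one is more suspicious.
USER_WRITABLE = ("\\users\\", "\\programdata\\")


def classify(event: dict) -> list[str]:
    """Return the reasons an event looks like SMTP exfiltration; [] means benign."""
    reasons: list[str] = []
    image = event.get("Image", "")
    exe = image.rsplit("\\", 1)[-1].lower()
    host = event.get("DestinationHostname", "").lower()
    port = int(event.get("DestinationPort", 0))

    # Exact match on the indicator from the report.
    if (host, port) == (C2_HOST, C2_PORT):
        reasons.append(f"known AgentTesla SMTP C2 {host}:{port}")
    # Generic behaviour: SMTP from something that is not a mail client.
    if port in SMTP_PORTS and exe not in MAIL_CLIENTS:
        reasons.append(f"SMTP port {port} from non-mail-client {exe}")
        if any(d in image.lower() for d in USER_WRITABLE):
            reasons.append("sender runs from a user-writable directory")
    return reasons


def find_suspicious(events: list[dict]) -> list[tuple[str, list[str]]]:
    """Run classify() over a batch and keep only the events with findings."""
    hits = []
    for e in events:
        reasons = classify(e)
        if reasons:
            hits.append((e["Image"], reasons))
    return hits


# Constructed Sysmon-style events (not taken from the report).
SAMPLE_EVENTS = [
    {"Image": "C:\\Users\\victim\\Desktop\\PRE ALERT NOTICE.exe",
     "DestinationHostname": "mail.2sautomobile.com", "DestinationPort": "587"},
    {"Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": "587"},
    {"Image": "C:\\Users\\victim\\AppData\\Roaming\\svchost.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": "465"},
    {"Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for image, reasons in find_suspicious(SAMPLE_EVENTS):
        print(image)
        for r in reasons:
            print("   -", r)
```

Sysmon only fills DestinationHostname when a reverse lookup succeeds, so the generic port-based rule carries most of the detection weight in practice; the host match is there to tie a hit back to this sample. Port 25 is noisy on hosts that legitimately relay mail and may need to be dropped from SMTP_PORTS there.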
Targets
Target: PRE ALERT NOTICE.exe (662KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; this sample is configured to exfiltrate over SMTP using the account in the extracted configuration.
Detect ZGRat V1
Checks computer location settings
Looks up the country code configured in the registry (the Windows geographic-location setting), which is typical of a geofence check used to avoid executing in unwanted countries.
Suspicious use of SetThreadContext
SetThreadContext applied to a thread in another process is a hallmark of process hollowing: the injector creates a process suspended, writes its payload into it, points the primary thread's instruction pointer at the payload and then resumes the thread.
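The two behavioural signatures above are both pattern matches over the sample's API calls. The following is an added example written for this report (not Triage's signature engine and not code from the sample) showing how such signatures can be derived from a call trace. The trace format (one dict per call with api, pid and args) and both sample traces are constructed. Two assumptions are labelled in the code: that "Checks computer location settings" refers to the Windows geo key under HKCU\Control Panel\International\Geo, and that SetThreadContext counts as suspicious when the target thread belongs to a different process.

```python
"""Derive the report's behavioural signatures from an API-call trace.

Added example for this report; not Triage's signature engine. The trace format
(one dict per call: api, pid, args) is constructed. Assumptions: the sandbox
signature "Checks computer location settings" refers to the Windows geo key
HKCU\\Control Panel\\International\\Geo, and SetThreadContext is suspicious when
the target thread belongs to a different process.
"""
from __future__ import annotations

GEO_KEY = "control panel\\international\\geo"          # assumed key behind the signature
REG_READ_APIS = ("regopenkeyex", "regqueryvalueex", "ntopenkey", "ntqueryvaluekey")
CREATE_SUSPENDED = 0x00000004                           # CreateProcess dwCreationFlags bit


def checks_location(trace: list[dict]) -> bool:
    """True if any registry open/query touches the Geo key (geofence heuristic)."""
    for call in trace:
        if call["api"].lower().startswith(REG_READ_APIS):
            if GEO_KEY in call["args"].get("key", "").lower():
                return True
    return False


def cross_process_setthreadcontext(trace: list[dict]) -> list[tuple[int, int]]:
    """(caller pid, target pid) pairs where SetThreadContext crossed a process boundary."""
    return [(c["pid"], c["args"]["target_pid"])
            for c in trace
            if c["api"] == "SetThreadContext" and c["args"].get("target_pid") != c["pid"]]


def hollowing_victims(trace: list[dict]) -> list[int]:
    """Child pids created suspended and then written to, re-pointed and resumed."""
    stages: dict[int, set[str]] = {}
    for c in trace:
        api, a = c["api"], c["args"]
        if api.startswith("CreateProcess") and a.get("creation_flags", 0) & CREATE_SUSPENDED:
            stages[a["child_pid"]] = set()
        elif api in ("WriteProcessMemory", "SetThreadContext", "ResumeThread") \
                and a.get("target_pid") in stages:
            stages[a["target_pid"]].add(api)
    full = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}
    return sorted(pid for pid, seen in stages.items() if full <= seen)


def signatures(trace: list[dict]) -> list[str]:
    """Signature names triggered by the trace; the first two mirror the report."""
    out = []
    if checks_location(trace):
        out.append("Checks computer location settings")
    if cross_process_setthreadcontext(trace):
        out.append("Suspicious use of SetThreadContext")
    if hollowing_victims(trace):
        # Own heuristic, not a Triage signature name.
        out.append("Process hollowing sequence (create suspended -> write -> set context -> resume)")
    return out


# Constructed trace modelled on the report's signatures (not real sandbox output).
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "pid": 1000,
     "args": {"key": "HKCU\\Control Panel\\International\\Geo"}},
    {"api": "RegQueryValueExW", "pid": 1000,
     "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}},
    {"api": "CreateProcessW", "pid": 1000,
     "args": {"image": "C:\\Users\\victim\\Desktop\\PRE ALERT NOTICE.exe",
              "creation_flags": CREATE_SUSPENDED, "child_pid": 1200}},
    {"api": "WriteProcessMemory", "pid": 1000, "args": {"target_pid": 1200, "size": 0x2C000}},
    {"api": "SetThreadContext", "pid": 1000, "args": {"target_pid": 1200, "target_tid": 1204}},
    {"api": "ResumeThread", "pid": 1000, "args": {"target_pid": 1200, "target_tid": 1204}},
]

# A debugger-like process touching only its own threads and an unrelated key: must not fire.
BENIGN_TRACE = [
    {"api": "RegOpenKeyExW", "pid": 2000, "args": {"key": "HKCU\\Software\\Example"}},
    {"api": "SetThreadContext", "pid": 2000, "args": {"target_pid": 2000, "target_tid": 2004}},
]

if __name__ == "__main__":
    print(signatures(SAMPLE_TRACE))
    print(signatures(BENIGN_TRACE))
```

Keeping the three hollowing stages as separate checks matters for triage: a lone SetThreadContext against a foreign thread is already worth a signature (debuggers are the main benign source), but seeing the full create-suspended, write, set-context, resume chain against one child is what lets an analyst say "hollowing" rather than "suspicious".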