General
-
Target
Balance payment.zip
-
Size
612KB
-
Sample
231212-s1b6nshbb8
-
MD5
d374823e8673ee2f9367f9738b995419
-
SHA1
42a0d8d9122637384b6b9997924672933943e7d5
-
SHA256
2a044848c113e892dfd68786fcb9f2cc9d8d6777104aff9aa1054ae69bcf4d04
-
SHA512
c484b2310c353f989864d3c4685f78b5d27b061f6fe66a2661b0089845510bf7ed161fda1370219c424fac7db78d98712522ef850693f108351dec09885de240
-
SSDEEP
12288:KZQMiVd9xQPvdGnAfoWz8m5c94IhN8uEUlDRZolaHDjJkf+vzAgZ3Ms:oi3cGAfoW5apEKRJkf+rZ8s
Malware Config
Targets
-
-
Target
Balance payment.exe
-
Size
650KB
-
MD5
af152a19dca3450f6e9644082b8722ca
-
SHA1
35377e364ade5aa3611c8ba05d68b384010e835c
-
SHA256
43505231035c21e05e594cefd6519952f5808f9b6b3e20b5a1abacde15b8cb9c
-
SHA512
650c2f778f41c95a80cd505b0ee660035d51a9b0490059ff8338441e96c59ef7047334edbf5ccac54dfbbd395adfabee4fab4a3c4a86103e7e6b7f1f84d80fb8
-
SSDEEP
12288:xw3IU8S6eUdh2PtdGn0foFJbvrC3AHmQKdagDU5QjYsiGX2:xOItSAdh2rG0foHrCQKdTU5M0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-