General
Target: payment information.r15
Size: 615KB
Sample: 231212-ssn59sfcgq
MD5: 2d07f35a4d7f4c510bb05105705b0046
SHA1: 38c92e20f9e55da1264cd61ac4bfca6a103df3ab
SHA256: 0c62c0a43e95b14ea8ce31bd852e34b4216eb7d0577ca4d0fcb2c1a4a7307f81
SHA512: feebe091538880e67cfca3ff717802a392f1db5d232d84e8480e534f135ad6e760ce44e85978d6bd12d632f752f2d6fe9d74a9a287be5c209a3ff76c0d3b27f0
SSDEEP: 12288:nytAaUqxlkRQgVmW17aHy0dc1UZiMOr/fquMAbEugrJmyZu5OPl:nytAgxGD74fc1UZkTfKAbE/kywkl
Static task: static1
Behavioral task: behavioral1
Sample: payment information.exe
Resource: win7-20231020-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: MAIL.starmech.in
Port: 587
Username: [email protected]
Password: gaging@2022
Email To: [email protected]
Targets
Target: payment information.exe
Size: 662KB
MD5: 601faa896b9ddbf2e26564f88e5f2280
SHA1: fc542a95d91dcd6c7ec461e1796b49167bf3a8f9
SHA256: f24a13886b4f210691bf73566963618b370ca0781cf65cb212cafb13e12060ff
SHA512: 7bcf72a99a6c4f2044c09866211bf489dea9a3c628f63db3eddea23b08516fbf7434c852daa1d22e8fd4e0bfcd621dfe1991285f91477780bcb6ddabcb48324c
SSDEEP: 12288:njobG+4WpAEvyQvEsTLEzOC0lamfm1cjZxdDWDCzklbpe+f2+:spAEosfE8amfm2jZxdDQDHe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Suspicious use of SetThreadContext