General
-
Target
Statement of Account.rar
-
Size
618KB
-
Sample
231212-swlvbafddm
-
MD5
3301f06617256a8eb1b61c43f59401cb
-
SHA1
f21cd314928ea6ed2e7dd4ac1d79fe4dd24052ea
-
SHA256
36c6500eeae2956b4c5bcbb84aa87198c95d8b16efa0bd94b1bc604f6bede773
-
SHA512
7284c2b32babbd4e04f3a97fb9d7c95da0c6b5538f95231e5b90ba2cdfd0afc29d91b2f67880c1517a8d1b38aea120cab8fbb06d59a502de65dc0ecfcc078f1a
-
SSDEEP
12288:DE4OfhTLIGBqLyLqgDv4ur8vbi3I9yH+57G5J1ivc:TOf1LIGYOOIwbV93G5J1j
Malware Config
Extracted
Protocol: smtp- Host:
mail.asiaparadisehotel.com - Port:
587 - Username:
[email protected] - Password:
KTNL)LqQaA(8
Extracted
agenttesla
Protocol: smtp- Host:
mail.asiaparadisehotel.com - Port:
587 - Username:
[email protected] - Password:
KTNL)LqQaA(8 - Email To:
[email protected]
Targets
-
-
Target
Statement of Account.exe
-
Size
665KB
-
MD5
8cde3c38aba1d12314914ef9f392f249
-
SHA1
41bf1c60d192446b192bf8de0906af8e4e35c38f
-
SHA256
662d11eea0dab34f36fa8f01e49c9ddea9d111e71d0509fa25993525e486d837
-
SHA512
7e2f1256a404438566da00fbecb33ce6e186a363b8043d7f9a9f7cda39cc2e2afcc05b35d25ac10c6415c576824e5c6ab7ca4132dcb282eca7b87721cf3eccf7
-
SSDEEP
12288:QjHbc+4WpAEAy7sE3vSQq32CqHUjEWl4kFx2T9DcLEOyylTQK+p3c+z+:6pAEoAtqmCYkFx25aFuK+G+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-