General
Target: 13bd66edb2ecc85ebe96d2c1849247daf584676af11e6bf42866de86d605bd26
Size: 614KB
Sample: 231213-bac7lsfcb9
MD5: 2449704dead35b549ff9e4d24fcb672d
SHA1: 058c2204c1076bdf6e18d6943fd137463eaf02de
SHA256: 13bd66edb2ecc85ebe96d2c1849247daf584676af11e6bf42866de86d605bd26
SHA512: 5b0bff26ec91774e0b5d354183d09141457300e187d6786e037719a4b4a988161499b9cdf434858cf2fd638b9dd4ff6a68e3ffae038137bec748581159665d94
SSDEEP: 12288:ve8wqDiLMADCdesnQ7h4kFormdNpCPRBxTbcEtu6FZTD7qO:ve8wEcC417zBpCP2E8wTD3
Static task: static1
Behavioral task: behavioral1
Sample: order RFQ-HL51L05....exe
Resource: win7-20231020-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.elec-qatar.com
Port: 587
Username: [email protected]
Password: MHabrar2019@#
Email To: [email protected]
Targets
Target: order RFQ-HL51L05....exe
Size: 883KB
MD5: c98e3e9eb2976b634f5c8b056b77ce2c
SHA1: 4a2cf6c032b526dc2998ed00a3d7517512a15aab
SHA256: 760870faeb6c745b911d6a40a785ca0f42f15d6e454899afd40ecc64c5d6522b
SHA512: 5b35069bc0d7bf5449acd9ebb44c15dcc59a7e713913755c4baabf9a8bf19524dbe86fa18c1ca83677dfb553cb98d316888663fce7aa2b8b97082b62b81c5f12
SSDEEP: 12288:sgLtOinUADClesz2PB4Ch1dNiK8dAPznxTfgEBu8FZTLP6493vibu:s4tEcCwzPnliK8dAP2Eg2TrppvD
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext