General
- Target: e78de3b5512275a03d117c7a2f50f7d2bccc27d85d45fde4f8c47a03aed6141b
- Size: 604KB
- Sample: 231213-cckj5sfhc6
- MD5: b32a1eb292853282fc676bd13ce3cda8
- SHA1: 97598efde6a53c48bbf83a37ecbd7771a61007bc
- SHA256: e78de3b5512275a03d117c7a2f50f7d2bccc27d85d45fde4f8c47a03aed6141b
- SHA512: afeb219afd6875ed578fbe44f0d44fb202f18ca51b126f8ddf44bb12f85d0bb01d82da38013905285846bd0216e684910d40a546ee9acff9c695f5f2954d6260
- SSDEEP: 12288:0HhFWENYYQiDdj8GSlPVLD60++1ONaMXQweaR7yreLNnXIU6:0HhMOYY3DUPx6JaMXdym6
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: DoceEtbrb.exe
- Resource: win7-20231023-en
Malware Config
Extracted (family: agenttesla)
- Protocol: smtp
- Host: mail.paksafety-sa.com
- Port: 587
- Username: [email protected]
- Password: ifran@paksafety
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.paksafety-sa.com
- Port: 587
- Username: [email protected]
- Password: ifran@paksafety
Targets
- Target: DoceEtbrb.exe
- Size: 881KB
- MD5: 15356b7ac28460a1e2f2f877fd371d53
- SHA1: a6d4509e85ca00c373676d94f001efadd4285c08
- SHA256: d7de99a59d07c417b10a5586b5805f2895a68fedbb4f87702271557414d59890
- SHA512: d97445669735ddce501726a888276b4d1d5a0686e0e41e70ed604eb4308c078a23d7bdaac30d0bd4854d1c1c9aae57eb50eee125f37432c205d03f6ed5e6317f
- SSDEEP: 12288:Ox2tKB8Hs/rjZazkfZUMmI0NnHWDoMQobQENO2nQLwbVv5Y:OctKssjjZazkfZUjNHHMQjNOVv
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext