General

Target: 206e47751e77f15c70870e3ca493ee455be747be1050ae8ae53c37372a5dff44
Size: 610KB
Sample: 231213-cclgfafhc7
MD5: 90c364866cad1fe5ab5057bafd4537f1
SHA1: 75073e7dc1759b65bb7a455551ce2ab9f9f684f7
SHA256: 206e47751e77f15c70870e3ca493ee455be747be1050ae8ae53c37372a5dff44
SHA512: e72b713094696abb8a93177043f0ac0b7603e9bde76c152cd10e41fcc2c879ad86bf0360276e28a652d7bc1234b197c32fd10672b8b1f08a2416db059901baac
SSDEEP: 12288:/M7/RIfwZp8BFIQIeyxVfAArEYmO1sTsRjSBgnvRg99o6NDuk2y3Jqqsh3Yj:Y/Gfk6FI1jzAye4esxfvRg995NS23Yh4
Static task: static1
Behavioral task: behavioral1
Sample: NN $$.exe
Resource: win7-20231025-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.helikhodro.com
Port: 587
Username: [email protected]
Password: @Ii9121070423
Email To: [email protected]
Targets

Target: NN $$.exe
Size: 884KB
MD5: f6953ef972f68aa5ddf83fb22694885d
SHA1: ef1c44e51d2e11c27b09f5b86ad1cc296b3391a0
SHA256: 355dd2c151a8acc04968060f9a92ddfe6d35839b63cae0a5e4f275ed7b5af945
SHA512: 7f663fee4fa5f8893c7fd857315aaac2d9cc2d63c19db9cfdbfa77aa4ad2411e3cd593d019f05ce4e1ffd27a505e02abb64a2b43de7b2edfddace6794ce16a3e
SSDEEP: 12288:VyVt2vuIQIeyxVfgArI7C2uQ1qEyIFPRj74tXg/i9Duk2y377rQwJXP:VIt2vuI1jzgJYmfy0xqXg69S23nkwf
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Detect ZGRat V1

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext