General
-
Target
342d5752ba9a104d055d4c86cb62f9bd10713b77e9826a5724794f974263e593
-
Size
786KB
-
Sample
240113-bvwjpaabf9
-
MD5
f43d3f7b4db3457b2905d71f9018f846
-
SHA1
9f468aad1da53d8452db53124f17f76474b14497
-
SHA256
342d5752ba9a104d055d4c86cb62f9bd10713b77e9826a5724794f974263e593
-
SHA512
19cee24a568fe3bbc9105a2ee32bc478063f801654cae1a556d4cc307da91f99115696fbb023d0d500b2ff3833c20373fe365ac6cc57ce54a85707c49c4c979f
-
SSDEEP
12288:RsHzOUNUSB/o5LsI1uwajJ5yvv1l22tZbMr+BunsfbRuI6tD0XSlRV:YiUmSB/o5d1ubcv9ZArFqbR/6x3X
Malware Config
Targets
-
-
Target
342d5752ba9a104d055d4c86cb62f9bd10713b77e9826a5724794f974263e593
-
Size
786KB
-
MD5
f43d3f7b4db3457b2905d71f9018f846
-
SHA1
9f468aad1da53d8452db53124f17f76474b14497
-
SHA256
342d5752ba9a104d055d4c86cb62f9bd10713b77e9826a5724794f974263e593
-
SHA512
19cee24a568fe3bbc9105a2ee32bc478063f801654cae1a556d4cc307da91f99115696fbb023d0d500b2ff3833c20373fe365ac6cc57ce54a85707c49c4c979f
-
SSDEEP
12288:RsHzOUNUSB/o5LsI1uwajJ5yvv1l22tZbMr+BunsfbRuI6tD0XSlRV:YiUmSB/o5d1ubcv9ZArFqbR/6x3X
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-