General
-
Target
3a6666e2820fa42ca7b386d7c1029637a717f01c8c550474a0c05a48df3276c6
-
Size
5KB
-
Sample
240213-ceweesab97
-
MD5
c034a0b410854a329c4c6518049778e3
-
SHA1
8d07e1fc68f288871193f3097de62dd5e71c338c
-
SHA256
3a6666e2820fa42ca7b386d7c1029637a717f01c8c550474a0c05a48df3276c6
-
SHA512
093bfcd6b72fbf8d514b42e62ac49542d188a83414d4a55f9357dd92431da95ab3e6113349c183eeade40ebd6b46dc3ede3687fba178fdc0267a0a760e03ae80
-
SSDEEP
48:6RT+77Uf77v3JfzwDtqYQKsF3YJAOakTTK8L+psVtiOl0BqFSpfbNtm:7gz7Q/4oJ9RTCjzNt
Malware Config
Extracted
purecrypter
https://taastruck.vn/Pkzzw.pdf
Extracted
agenttesla
Protocol: smtp- Host:
mail.tecnosilos.com.py - Port:
587 - Username:
[email protected] - Password:
wY],Z[mo8kxz - Email To:
[email protected]
Targets
-
-
Target
3a6666e2820fa42ca7b386d7c1029637a717f01c8c550474a0c05a48df3276c6
-
Size
5KB
-
MD5
c034a0b410854a329c4c6518049778e3
-
SHA1
8d07e1fc68f288871193f3097de62dd5e71c338c
-
SHA256
3a6666e2820fa42ca7b386d7c1029637a717f01c8c550474a0c05a48df3276c6
-
SHA512
093bfcd6b72fbf8d514b42e62ac49542d188a83414d4a55f9357dd92431da95ab3e6113349c183eeade40ebd6b46dc3ede3687fba178fdc0267a0a760e03ae80
-
SSDEEP
48:6RT+77Uf77v3JfzwDtqYQKsF3YJAOakTTK8L+psVtiOl0BqFSpfbNtm:7gz7Q/4oJ9RTCjzNt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-