General
Target: TRASMISSIONE NS ORDINE NR S 34 RIF PETRILLI A .msg
Size: 2.2MB
Sample: 240319-m8cjhsbc9w
MD5: b2fd1123a5cf7d81beff1b96a99e683b
SHA1: a59e2bc11ad48732913cf501b528f55362583864
SHA256: b9c367dac30e3d26b6ae664b1108bf215ce23556557f33fe071fdc7d03e7d9dd
SHA512: a3893f7ebb4550aa337127094a22c6d37ca062fe9cf2cdb5006ed8a1a6012740675c954bc33e49a3560f92563100c616f8d3d6f38d60bbed55b3a3130bf1b9da
SSDEEP: 49152:m/7JOxZJKq9Ox3Fe8nV0E0qlCoXyAWAMpsiasijWDece:R/m3RnV47xza4t
Behavioral task: behavioral1
Sample: QUOTATION_MARQTRA031244PDF.scr
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: QUOTATION_MARQTRA031244PDF.scr
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: RaFv@tsTUK55@@<<!!
Email To: [email protected]
Targets
Target: QUOTATION_MARQTRA031244PDF.scr
Size: 2.5MB
MD5: 6126547ab734fb6d59c9689d6e97e0b1
SHA1: dc62f31b70f43717215f671363249430aac93350
SHA256: b7128db8d1ce07b5f67c861bc3bb5e78e80563fca8c6862bf799247683e7670f
SHA512: 8e0136b24336c9b423c1701bb15c85ef1cb424e92423d160e0e0de597bceaa67b476778775bed9b2d330bdc688be15e84a1ca8b1c4940f5367d0e1105e3cc8ed
SSDEEP: 49152:bu5meHYWZgAeRrncr4Er3we2sNh4hOtNTdFf4H444lR:bSmceZcMEPdHh4H444lR

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Detect ZGRat V1

PureLog Stealer payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext