General
  Target: 15477_9153a8b3b10c014b57d836be98255e8747f3ee4d933c8ed1980cde09d5dec0e9.zip
  Size: 50KB
  Sample: 240321-nre4raca3z
  MD5: 3386b0e621582e37fdeadd04f82938b8
  SHA1: 1d3f53740da80b39ce28f27dffa86335ae95e629
  SHA256: 2d31b1612fd5bbad0e5cc10b19d0606af78cc1ca000f3857bedebdbe56847a08
  SHA512: f3596175a24e596cb55eb2eabdc137430356955faecb7a3ffd61dad405be93b5128bf099f833df01afb04585c3b2ab688eee33b6b6d720754076076a94e88859
  SSDEEP: 768:msKA7RYuZTJAZEBN6j23VThMSjZ1sepH8a3Ah//EOHT/1q52k8bHu9GhVbO6A0Q2:m3AttJAZb63VTa8Vpc7p/bqT8bRhFZZN

Behavioral task: behavioral1
  Sample: 9153a8b3b10c014b57d836be98255e8747f3ee4d933c8ed1980cde09d5dec0e9.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 9153a8b3b10c014b57d836be98255e8747f3ee4d933c8ed1980cde09d5dec0e9.exe
  Resource: win10v2004-20240226-en

Malware Config
  Extracted: agenttesla
    https://api.telegram.org/bot7065574915:AAGqdyBoQ1HUjGuLPU7BdeGxB07q15OCF18/

Targets
  Target: 9153a8b3b10c014b57d836be98255e8747f3ee4d933c8ed1980cde09d5dec0e9
  Size: 448KB
  MD5: 241036b62b644433eeda9f4bf4c8dc40
  SHA1: 57e00fd86695049639168c22fb5bb9ab9136a7fe
  SHA256: 9153a8b3b10c014b57d836be98255e8747f3ee4d933c8ed1980cde09d5dec0e9
  SHA512: 28097d26167483c9dc57230875bd551985278fb452ba74e7e0914ddb9c3894ff27e7cf088b6b2cdbb2054a52001c540c3c89119b010e9f3201ec4e284b96dae1
  SSDEEP: 3072:HS6MBoglFU8uT14K5BjWUzpsYyjxh4H444lM:H8BoO+T4KOO6f4H444l
  - AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Detect ZGRat V1
  - PureLog Stealer payload
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious use of SetThreadContext