General
Target: cc9e44cb351b8ccbdff7856a16e7cba3782d02fd0fb14f95c5d9346f410c61b4
Size: 2.4MB
Sample: 240322-cn8fcafb26
MD5: c5a8d9f1ee447c0bc19801a8a22e5c60
SHA1: b5d97cd3d63530ec73e8842fd47174f4ef45da10
SHA256: cc9e44cb351b8ccbdff7856a16e7cba3782d02fd0fb14f95c5d9346f410c61b4
SHA512: 56e22370fda6900dc1da513174952aae11e5abd988823ff5491c116e6189f1c12900e02b76987f6aa5e14e7ed39353d6b47dc7349f6ba96bcf01e3b32f387850
SSDEEP: 49152:b6gS2WgqlEZI62glJc8NGn3kKUgNuOVsi1TD4HHqod5rTuXhP1FeEo:ed2aELw8NIULg5sG3QHNZuRT+
Behavioral task: behavioral1
Sample: cc9e44cb351b8ccbdff7856a16e7cba3782d02fd0fb14f95c5d9346f410c61b4.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: cc9e44cb351b8ccbdff7856a16e7cba3782d02fd0fb14f95c5d9346f410c61b4.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: 09Xt0hBU4PzO
Email To: [email protected]

Extracted
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: 09Xt0hBU4PzO
Targets
Target: cc9e44cb351b8ccbdff7856a16e7cba3782d02fd0fb14f95c5d9346f410c61b4
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- PureLog Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext