General
- Target: aa8adb971a2cb251222416ef3a8873c8c4d620e92658f9304e25e5c07c731f79
- Size: 2.4MB
- Sample: 240327-b1spzshc83
- MD5: 86fad28f9bb29be21fc2c4f2c3a2e680
- SHA1: ecc89cdf6f79ca7bf5a0e60cbf1e35d1a5d36554
- SHA256: aa8adb971a2cb251222416ef3a8873c8c4d620e92658f9304e25e5c07c731f79
- SHA512: a3c17cb742e7cc94fb3a542c22af81a37941e3337ab44c0d052fe224191fefb31f5daf3b3e6d98ece4a4ee8e54c807700a9b8438ae87ab3355896192a4596eb6
- SSDEEP: 24576:JIy8RpD8QOw2FosEFhmozEiKPUJzWf6TQqWqQfGxsc46n00/InhWxOuKo79cdy18:JIB7IJpPGLTQq8fGSc460qlKo79Axi
Static task: static1
Behavioral task: behavioral1
- Sample: aa8adb971a2cb251222416ef3a8873c8c4d620e92658f9304e25e5c07c731f79.exe
- Resource: win7-20231129-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.apexrnun.com
- Port: 587
- Username: [email protected]
- Password: CCu5Z?WuH+bS4hsz
- Email To: [email protected]
Targets
- Target: aa8adb971a2cb251222416ef3a8873c8c4d620e92658f9304e25e5c07c731f79
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext