General
- Target: 0bce67c131db40f3fff060ada82c0ef5e9f6a0f9f394990cb88f2d9f8b2519e8
- Size: 2.4MB
- Sample: 240327-b3yzsacd6x
- MD5: cd24d4ce22d4b371b5cf11e2c5c5a042
- SHA1: e8e163189a81b54f9be0fae7a6f891aa2e023e91
- SHA256: 0bce67c131db40f3fff060ada82c0ef5e9f6a0f9f394990cb88f2d9f8b2519e8
- SHA512: dd2482980695cdfc938c6896054b037cd6911418f54323c663f3afc836f701c58ffd2d5f57cc0dce7c9451e19b14d6d687233c0569fcf04a908dfe8d404f9c5d
- SSDEEP: 49152:jNtbtzpPfqveJDXwqJrxrRIvMeuh3haBcDe+6aLw:Jtb/Pyqwqlquh3AOe
Static task: static1
Behavioral task: behavioral1
Sample: 0bce67c131db40f3fff060ada82c0ef5e9f6a0f9f394990cb88f2d9f8b2519e8.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.apexrnun.com
- Port: 587
- Username: [email protected]
- Password: TsHZsTv}Jnj5E5Bn
- Email To: [email protected]
Targets
- Target: 0bce67c131db40f3fff060ada82c0ef5e9f6a0f9f394990cb88f2d9f8b2519e8
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext