General
-
Target
514bdb6e85fe778c55bc763aa5cd761e0fe6780e4d5686292302ee5728fe9365
-
Size
4.7MB
-
Sample
240327-b5drmace2x
-
MD5
744d5474d67d9654be94eb73b4565eda
-
SHA1
1dffd099bd9e2edb6e50446cec8732de519d9821
-
SHA256
514bdb6e85fe778c55bc763aa5cd761e0fe6780e4d5686292302ee5728fe9365
-
SHA512
950c100eb9bf2439580b613fe86885e41899848c3fa29174a636ab140c489011642da89250c38f7db35228920b24bb8c729d85c7ce1f97df2e63f4cb414fae43
-
SSDEEP
49152:dB42Wowf8PO8e2xYWY9lqIi0Kiy96wrBR1:n42pU8le2uY/76wrBX
Static task
static1
Behavioral task
behavioral1
Sample
514bdb6e85fe778c55bc763aa5cd761e0fe6780e4d5686292302ee5728fe9365.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
514bdb6e85fe778c55bc763aa5cd761e0fe6780e4d5686292302ee5728fe9365.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.amtechprinting.com
Port: 21
Username: [email protected]
Password: 7DIK+y&7]WOK
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.amtechprinting.com
Port: 21
Username: [email protected]
Password: 7DIK+y&7]WOK
Targets
-
-
Target
514bdb6e85fe778c55bc763aa5cd761e0fe6780e4d5686292302ee5728fe9365
-
Size
4.7MB
-
MD5
744d5474d67d9654be94eb73b4565eda
-
SHA1
1dffd099bd9e2edb6e50446cec8732de519d9821
-
SHA256
514bdb6e85fe778c55bc763aa5cd761e0fe6780e4d5686292302ee5728fe9365
-
SHA512
950c100eb9bf2439580b613fe86885e41899848c3fa29174a636ab140c489011642da89250c38f7db35228920b24bb8c729d85c7ce1f97df2e63f4cb414fae43
-
SSDEEP
49152:dB42Wowf8PO8e2xYWY9lqIi0Kiy96wrBR1:n42pU8le2uY/76wrBX
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; the extracted config above shows the FTP account it uses to exfiltrate collected data.
-
Detect ZGRat V1
-
Adds Run key to start application
Writes a value under the registry CurrentVersion\Run key so the payload is relaunched at each user logon.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Overwriting the thread context of another process is typical of process hollowing, where a loader starts a suspended host process, replaces its image with the payload, and resumes it; the payload then runs under the host process name.
-
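The three behaviours the report lists that leave host telemetry (Run-key persistence, external IP lookup, FTP exfiltration to the extracted C2 host) can be turned into a small detection pass over Sysmon-style events. The block below is an added example, not part of the sandbox report or of any vendor tooling. The Sysmon events are constructed inline; the IP-lookup hostnames are an illustrative assumption (the report does not name the service this sample used) and should be tuned to your environment; the C2 host and port come from the report's extracted config.

```python
import re
from dataclasses import dataclass
from typing import Optional

# IOCs from the report's Malware Config section.
C2_FTP_HOST = "ftp.amtechprinting.com"
C2_FTP_PORT = 21

# Assumption: illustrative set of public IP-lookup services; the report only
# says "a legitimate IP lookup service", so extend this for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ipinfo.io"}

# Matches a value written directly under ...\CurrentVersion\Run or \RunOnce
# in any hive (Sysmon reports HKU\<SID>\... or HKLM\...).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def check_event(ev: dict) -> Optional[Finding]:
    """Return a Finding if one Sysmon event matches a reported behaviour."""
    eid = ev["EventID"]
    # Event 13: RegistryEvent (Value Set) -> Run-key persistence
    if eid == 13 and ev.get("EventType") == "SetValue" \
            and RUN_KEY_RE.search(ev["TargetObject"]):
        return Finding("run_key_persistence", ev["Image"],
                       f"{ev['TargetObject']} = {ev['Details']}")
    # Event 22: DNSEvent -> external IP lookup service
    if eid == 22 and ev["QueryName"].lower() in IP_LOOKUP_HOSTS:
        return Finding("external_ip_lookup", ev["Image"], ev["QueryName"])
    # Event 3: NetworkConnect -> FTP to the extracted C2 host
    if eid == 3 and ev["DestinationPort"] == C2_FTP_PORT \
            and ev.get("DestinationHostname", "").lower() == C2_FTP_HOST:
        return Finding("agenttesla_ftp_c2", ev["Image"],
                       f"{ev['DestinationHostname']}:{ev['DestinationPort']}")
    return None


def scan(events) -> list:
    """Run check_event over a stream of events, keeping only the hits."""
    return [f for f in map(check_event, events) if f is not None]


# Constructed Sysmon events (not taken from the report): three that should fire,
# interleaved with three benign ones that should not.
MALICIOUS_IMAGE = r"C:\Users\user\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": MALICIOUS_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": MALICIOUS_IMAGE},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 22, "Image": MALICIOUS_IMAGE, "QueryName": "api.ipify.org"},
    {"EventID": 22, "Image": r"C:\Windows\explorer.exe", "QueryName": "www.microsoft.com"},
    {"EventID": 3, "Image": MALICIOUS_IMAGE,
     "DestinationHostname": "ftp.amtechprinting.com", "DestinationPort": 21},
    {"EventID": 3, "Image": r"C:\Program Files\Updater\updater.exe",
     "DestinationHostname": "update.example.org", "DestinationPort": 443},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding.rule:22} {finding.image}  {finding.detail}")
```

The Run-key rule is the broadest of the three and will also fire on legitimate installers; in practice pivot on the `Image` field (an executable under `AppData\Roaming` writing its own path into Run is the pattern worth alerting on) rather than on the registry write alone. The FTP rule is sample-specific and should be kept alongside the hashes above as a short-lived IOC.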