General
Target: a368d823c18b959c49bccd9bc33b1eda9493c6f1edc0409ea1025a56ba12b77c
Size: 2.8MB
Sample: 240328-bvmlsacf4x
MD5: a3f986bb19748e9a233b187a5a4d0edc
SHA1: a4fff66fd687dfe2afadf019f0973596a7ac73e4
SHA256: a368d823c18b959c49bccd9bc33b1eda9493c6f1edc0409ea1025a56ba12b77c
SHA512: 2286ca3ca7b29c8b4f34f05e70c71cb63bfbbf0b7d22fca1f589733875f2d97db2fcf57a8d1e2c669a87ce720b2452d8164992cfa1e63696d1171ae8af15ad6d
SSDEEP: 49152:eBrmAoJQKHDPuFwVBj8V0E4NM4IACMapRWqUK8fpFv:srpeTVBIV0S/ACMayQ8D
Static task: static1
Behavioral task: behavioral1
Sample: a368d823c18b959c49bccd9bc33b1eda9493c6f1edc0409ea1025a56ba12b77c.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.gencoldfire.com
- Port: 587
- Username: [email protected]
- Password: mh7B/7[hSO#bYHw1
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext