General
Target: 39fe60dc27418eaf8ceef5c185c9467597bcb7a7bca0408d5a2b67be29fc0607
Size: 2.8MB
Sample: 240328-bvtp4acf4y
MD5: 30e2cc8917828ba59125b6dd47f5bccb
SHA1: 70b6785bb46c89d12c918d14ac5cddaa69e5622c
SHA256: 39fe60dc27418eaf8ceef5c185c9467597bcb7a7bca0408d5a2b67be29fc0607
SHA512: 9a631c8e2f70a377ecf9b780d58eec86a69f1459b8c015bf392922f7cc7d04ee0d693738b9ae6fb9831c94dedf91856a0e9af5b7bd9b5cbe6eb613f0a915e810
SSDEEP: 24576:PECoZtHlgd0uj3zY+3RaehaFOUu7o9Tb1SbUKlFWzvnkbkT5PLmPAZYYih+/5swD:IlqbLzZ9oXFTYh+xsOpcUkCvFlaOOgO
Static task: static1
Behavioral task: behavioral1
Sample: 39fe60dc27418eaf8ceef5c185c9467597bcb7a7bca0408d5a2b67be29fc0607.exe
Resource: win7-20240221-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.apexrnun.com
Port: 587
Username: [email protected]
Password: TsHZsTv}Jnj5E5Bn
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.apexrnun.com
Port: 587
Username: [email protected]
Password: TsHZsTv}Jnj5E5Bn
Targets
Target: 39fe60dc27418eaf8ceef5c185c9467597bcb7a7bca0408d5a2b67be29fc0607
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext