General
Target: ec5d3735d3fbc85b1ba98cce0ecd8318c1dc0118d112b3c2e00cead058aa2db7
Size: 110KB
Sample: 240328-cdvrhacg8x
MD5: 600c5daf359d5d9a67f79ff421519812
SHA1: 1a0d96937257b162b2d700d166948dc9c2ef2ece
SHA256: ec5d3735d3fbc85b1ba98cce0ecd8318c1dc0118d112b3c2e00cead058aa2db7
SHA512: 7af1d23da075c62eb1a22ca711f1813454e1d0ce3f4b0abb82b9497c5c06843a7910d039e2c62fc9f710ad5acdcbdd08fe9c17a60ed88ef2296935bf78c0640b
SSDEEP: 3072:udHQGs/wjjjpvFi15A/eNjIb5jw5pzASsrI:PGs/Mjjpvo15AWhINEkSsE
Behavioral task: behavioral1
Sample: Product list.scr
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: Product list.scr
Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.alualuminium.com.my
Port: 587
Username: admin@alualuminium.com.my
Password: U8G4S13#8Zk$
Email To: smart.le3@yandex.com
Targets
Target: Product list.scr
Size: 261KB
MD5: 740c71fa7480df0ca835b842c466d190
SHA1: a495afbf5175fb7c31d5bb79ab5bdefa5842ee40
SHA256: 769e8c82f191a58829d7c5b460b80b6242a2f9b906c3a9b98e0b87fd83c88205
SHA512: 28978c02bed5a684b724a0ec91f50d5e44f6baae7f860ad29d24f133a5b1693f7f4232bdfc1ef0babc79284d2ee8c4630b31370c5acee2243c49f7b33f3b23ea
SSDEEP: 6144:iazT6ew3igBm7IGxRsS71IagwsUKl0zRcP8Ya:ian6emLBm7IGxRsSpsUKx8N
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- PureLog Stealer payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext