General
-
Target
28032024_1024_RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN ABU AL ABYAD ISLAND, AL DHAFRAH, U.A.E GAS PIPELINE EXPANSION PROJECTS.rar
-
Size
720KB
-
Sample
240328-cv5b9sdb2s
-
MD5
aac7196d59f094bd93d0d3c15403c012
-
SHA1
56a8e8fb3d9ee0cf4674a5478e9dceaa82f8f0ab
-
SHA256
2b4c8c83b52e7ecd5bf9f36fb8928c106192492122c3c558c86fd39b178d7c79
-
SHA512
c412dabcc52ff18f7919a962917a642d54718d3289b8b1e55fbde1f1741a023a0892094b9a164cb3ee3fcf41432df54b28231b992b54ffc170c0039cd45b2380
-
SSDEEP
12288:9aRM/516TJrgKTlfu/K0fzGMiFrzMbMGzv+Ix7/sKGTYvwpWS67fD5j7e7:9aCB1AcYfR00zMA2vlx7pAZUS67fD5jO
Behavioral task
behavioral1
Sample
RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6790148599:AAEhI5l0I1K9eLmuDfyg3l20optJGeU2krM/
Targets
-
Target
RFQ PHASE III PROJECT DESIGN & BUILD FISH NURSERY & HATCHERY FACILITIES AT VARIOUS FISH STATIONS IN ABU AL ABYAD ISLAND, AL DHAFRAH, U.A.E GAS PIPELINE EXPANSION PROJECTS.exe
-
Size
988KB
-
MD5
c70862d7512c8d754272dd9a2ecb1597
-
SHA1
9682502eed10e4c072d9628502ed69eaa79365b6
-
SHA256
eb60e1e6567f7187898075207042fd61ebc8bc3cc5c9063f339a144454841164
-
SHA512
055210c14bb63c9055390a83a44027dcf28b69a73a052a43fa0bcc72703a24b0ef2d3bc8152d28f19b78b2d6db4023c8cad450790981934050a2a1f3d5cedb26
-
SSDEEP
12288:0sHzOUNUSB/o5LsI1uwajJ5yvv1l2Ud7Z8xjErfPFGQiX/MVnDkWWnk:XiUmSB/o5d1ubcv/wxATFGQvFg/k
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-