General
Target: a9acda6b71f23edce7cab1a94c736b27e1ba3a916611e3c2fb7643d615374c68
Size: 2.8MB
Sample: 240330-bwmm6sea6s
MD5: 934f11b29befe89477782beccaf462ef
SHA1: 4a4066e23024f9bfd3b174f8b08c288b43c0cc39
SHA256: a9acda6b71f23edce7cab1a94c736b27e1ba3a916611e3c2fb7643d615374c68
SHA512: 6e9b781f176f0b4a87bb4b52e7a5249d5f0fb91e1d849d52cac2a591d51de285054a0791d0fe45c3628f8eebca64af1ec03ef57afa70aa5c2a56a64d7ef5b23d
SSDEEP: 49152:bZKh5LUxhqV6mILqaDMzGUWt5LwmR8jsF2G5zuswj6XE:AXMqUM6U85gjsMguyE
Static task: static1
Behavioral task: behavioral1
Sample: a9acda6b71f23edce7cab1a94c736b27e1ba3a916611e3c2fb7643d615374c68.exe
Resource: win7-20240220-en
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.gencoldfire.com
Port: 587
Username: [email protected] (address redacted in the source page)
Password: %j#!%z2b/?qM68K#
Email To: [email protected] (address redacted in the source page)
Extracted (second configuration, same SMTP exfiltration account, no recipient recovered)
Protocol: smtp
Host: mail.gencoldfire.com
Port: 587
Username: [email protected] (address redacted in the source page)
Password: %j#!%z2b/?qM68K#
Targets
Target: a9acda6b71f23edce7cab1a94c736b27e1ba3a916611e3c2fb7643d615374c68
Size: 2.8MB
MD5: 934f11b29befe89477782beccaf462ef
SHA1: 4a4066e23024f9bfd3b174f8b08c288b43c0cc39
SHA256: a9acda6b71f23edce7cab1a94c736b27e1ba3a916611e3c2fb7643d615374c68
SHA512: 6e9b781f176f0b4a87bb4b52e7a5249d5f0fb91e1d849d52cac2a591d51de285054a0791d0fe45c3628f8eebca64af1ec03ef57afa70aa5c2a56a64d7ef5b23d
SSDEEP: 49152:bZKh5LUxhqV6mILqaDMzGUWt5LwmR8jsF2G5zuswj6XE:AXMqUM6U85gjsMguyE
Signatures
AgentTesla
Agent Tesla is a .NET-based information stealer with remote access tool (RAT) capabilities, originally written in Visual Basic .NET. This sample's extracted configuration exfiltrates collected data over SMTP (submission port 587) to mail.gencoldfire.com using the credentials listed under Malware Config.
Detect ZGRat V1
Looks up external IP address via web service
Uses a legitimate public IP lookup service to find the infected system's external IP address. The lookup itself is benign traffic; it is useful as a detection pivot only when correlated with the SMTP exfiltration above or with the process that made the request.
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state and is commonly used by loaders for process hollowing and similar injection, where execution is redirected into code written into another process. Treat it as an indicator that the final AgentTesla payload runs in a different process than the one that was launched.
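The following is an added example, not part of the sandbox report, showing how a detection engineer would turn the Extracted configuration above and the "Looks up external IP address via web service" signature into a log check. It parses a constructed copy of the report's config block (with the same line breaks the page has), derives the SMTP indicators, and matches them against constructed connection-log lines. The list of IP-lookup hostnames is an assumption (common public services); the report does not name which one this sample queried, and the e-mail addresses appear redacted as "[email protected]" exactly as on the page.

```python
import re

# Constructed copy of the report's "Extracted" block, keeping its line breaks.
RAW_CONFIG = """Protocol: smtp- Host:
mail.gencoldfire.com - Port:
587 - Username:
[email protected] - Password:
%j#!%z2b/?qM68K# - Email To:
[email protected]"""

# Field names used by Triage-style AgentTesla config dumps.
KEYS = ["Protocol", "Host", "Port", "Username", "Password", "Email To"]
KEY_RE = re.compile(r"(%s):" % "|".join(re.escape(k) for k in KEYS))

# Assumed list of public IP-lookup services; the report does not name one.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Constructed connection-log lines: ts src_ip src_port dst_host dst_port proto
SAMPLE_CONN_LOG = [
    "1711790001 10.0.0.15 49812 checkip.dyndns.org 80 tcp",
    "1711790002 10.0.0.15 49813 mail.gencoldfire.com 587 tcp",
    "1711790003 10.0.0.22 49814 updates.example.net 443 tcp",
    "1711790004 10.0.0.31 49815 mail.gencoldfire.com 25 tcp",
]


def parse_config(raw: str) -> dict:
    """Parse 'Key: value - Key: value' text that may be split across lines.

    Values run from one key to the next; the ' - ' separator residue is
    stripped. Caveat: a password ending in '-' would lose that character.
    """
    text = " ".join(line.strip() for line in raw.splitlines())
    matches = list(KEY_RE.finditer(text))
    cfg = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        value = text[m.end():end].strip().rstrip("-").strip()
        cfg[m.group(1)] = value
    return cfg


def indicators(cfg: dict) -> dict:
    """Network indicators worth alerting on from the parsed config."""
    return {
        "host": cfg["Host"],
        "port": int(cfg["Port"]),
        "protocol": cfg["Protocol"].lower(),
    }


def match_events(cfg: dict, log_lines: list) -> list:
    """Return (src_ip, tag, dst_host, dst_port) for each suspicious line."""
    ioc = indicators(cfg)
    hits = []
    for line in log_lines:
        _ts, src, _sport, dst, dport, _proto = line.split()
        dport = int(dport)
        if dst == ioc["host"] and dport == ioc["port"]:
            hits.append((src, "c2_smtp_exfil", dst, dport))      # high confidence
        elif dst == ioc["host"]:
            hits.append((src, "c2_host_other_port", dst, dport))  # medium: same host, other port
        elif dst in IP_LOOKUP_HOSTS:
            hits.append((src, "external_ip_lookup", dst, dport))  # low on its own
    return hits


def correlate(hits: list) -> set:
    """Hosts that both queried an IP-lookup service and contacted the C2."""
    by_src = {}
    for src, tag, _dst, _port in hits:
        by_src.setdefault(src, set()).add(tag)
    return {
        src for src, tags in by_src.items()
        if "external_ip_lookup" in tags and tags & {"c2_smtp_exfil", "c2_host_other_port"}
    }


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(indicators(cfg))
    hits = match_events(cfg, SAMPLE_CONN_LOG)
    for hit in hits:
        print(hit)
    print("correlated:", correlate(cfg and hits))
```

The correlation step is the part that matters operationally: an IP-lookup request alone is noise on most networks, but the same source contacting the configured SMTP host on port 587 shortly after is the AgentTesla exfiltration pattern described by the two signatures.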