General
-
Target
39c6981bd32139dd43f2676b08ff633979c2471662c224edf6820945ae280c0c
-
Size
538KB
-
Sample
240330-bwwwvaea61
-
MD5
3d3c6c351d96900498506b2afe38c790
-
SHA1
8f0769ba9513d14475a7ee5fbc8a0fcc025fcbc7
-
SHA256
39c6981bd32139dd43f2676b08ff633979c2471662c224edf6820945ae280c0c
-
SHA512
39b2d17055ed3752b9390d1ff4d78e0e45bedcaf201c3b03862acd294c17a4c961d631c4080c5a7a250e35c2cbed8bc1d04cd1e8ffb1a8aef136fa73ab2f7050
-
SSDEEP
6144:KlooZC0PSBalew9pNPgA/+ekDf4H444l:KnZC0vlHj4A/+ekD4H444l
Static task
static1
Behavioral task
behavioral1
Sample
39c6981bd32139dd43f2676b08ff633979c2471662c224edf6820945ae280c0c.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: OBC#75@tsGreenPass@5974a
Email To: [email protected]
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-