General

  • Target

    dbfe0055d945690a7a6477714e435670433cf68e946319887dc4e1e64db75e8b.exe

  • Size

    1.3MB

  • Sample

    240403-p2b1hsdc6w

  • MD5

    d1b500e77ba18b987ea8bceaec7327ad

  • SHA1

    48318c6c413b13d419bb2f64deb0b2e485c5d555

  • SHA256

    dbfe0055d945690a7a6477714e435670433cf68e946319887dc4e1e64db75e8b

  • SHA512

    8a480f21341c62cfc260f3a5894c2a1503c1107ec4785a1eb28b7e5014de34c29ded08c40f2b3e8b656c8bd0428bfb098949a3b9cdc7640e46fbd5636e2c184b

  • SSDEEP

    24576:SAHnh+eWsN3skA4RV1Hom2KXMmHa4UYliFC1mH8vyqt5:Vh+ZkldoPK8Ya4U7FC13vyk
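Before working from this report, confirm that the file on your bench is the same sample: every one of the four digests above must match, and any single mismatch means a different file. The following check is an added example for this page, not code from the sandbox vendor; the report's digest values are copied from the list above, and the file path in the usage call is a placeholder. The SSDEEP fuzzy hash needs a separate ssdeep binding and is not covered here.

```python
"""Verify a local file against the digests published in this report."""
import hashlib
from pathlib import Path

# Digest values as printed in the report's General section.
REPORT_DIGESTS = {
    "md5": "d1b500e77ba18b987ea8bceaec7327ad",
    "sha1": "48318c6c413b13d419bb2f64deb0b2e485c5d555",
    "sha256": "dbfe0055d945690a7a6477714e435670433cf68e946319887dc4e1e64db75e8b",
    "sha512": (
        "8a480f21341c62cfc260f3a5894c2a1503c1107ec4785a1eb28b7e5014de34c2"
        "9ded08c40f2b3e8b656c8bd0428bfb098949a3b9cdc7640e46fbd5636e2c184b"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Compute all report algorithms over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all hashers so large samples need one read."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(digests: dict, expected: dict = REPORT_DIGESTS) -> dict:
    """Return {algorithm: matched?} for every algorithm the report lists.

    Comparison is case-insensitive because hex digests are printed in both
    cases by different tools; a missing algorithm counts as a mismatch.
    """
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_sample(digests: dict, expected: dict = REPORT_DIGESTS) -> bool:
    """True only when every listed digest matches."""
    return all(verify(digests, expected).values())


if __name__ == "__main__":
    # Placeholder path (assumption): wherever the sample was stored locally.
    sample = Path("dbfe0055d945690a7a6477714e435670433cf68e946319887dc4e1e64db75e8b.exe")
    if sample.exists():
        result = verify(digest_file(sample))
        for algo, ok in result.items():
            print(f"{algo:6s} {'match' if ok else 'MISMATCH'}")
        print("same sample as report" if all(result.values()) else "different file")
```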

Targets

    • Target

      dbfe0055d945690a7a6477714e435670433cf68e946319887dc4e1e64db75e8b.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup web service to learn the infected host's external IP address; the request itself is benign, so it is a weak indicator on its own but a strong one next to the other signatures here.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's registers, including its instruction pointer; outside a debugger it is the classic way to redirect a suspended child process's main thread into injected code (process hollowing).
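The last two signatures are behavioural rules that a sandbox derives from the API and network trace of the run. The following re-derivation of both rules is an added example for this page, not the sandbox vendor's rule code: the event format, the process IDs and the trace itself are constructed, and the set of IP-lookup hostnames is an assumed list of commonly abused services that you should extend from your own telemetry. The SetThreadContext rule deliberately requires the full hollowing sequence (child created with CREATE_SUSPENDED, remote memory written, thread context set, thread resumed) so that an ordinary SetThreadContext call on a process's own thread does not fire it.

```python
"""Evaluate two behavioural signatures over a constructed sandbox trace."""
from dataclasses import dataclass

# Assumed list of public "what is my IP" services; extend from real telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "icanhazip.com",
    "ip-api.com",
    "ipinfo.io",
    "ifconfig.me",
}

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcessA/W


@dataclass
class HollowState:
    """Per-child-process progress through the hollowing sequence."""
    suspended: bool = False
    wrote_memory: bool = False
    set_context: bool = False
    resumed: bool = False

    def complete(self) -> bool:
        return self.suspended and self.wrote_memory and self.set_context and self.resumed


def detect_ip_lookup(events) -> list:
    """'Looks up external IP address via web service': return matching hosts."""
    hosts = {ev["host"].lower() for ev in events if ev["kind"] == "net"}
    return sorted(hosts & IP_LOOKUP_HOSTS)


def detect_set_thread_context(events) -> list:
    """'Suspicious use of SetThreadContext': return PIDs of hollowed children."""
    states = {}  # child pid -> HollowState
    for ev in events:
        if ev["kind"] != "api":
            continue
        api, args = ev["api"], ev["args"]
        if api in ("CreateProcessA", "CreateProcessW"):
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                states[args["child_pid"]] = HollowState(suspended=True)
            continue
        state = states.get(args.get("target_pid"))
        if state is None:
            continue  # call targets a process we did not see created suspended
        if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            state.wrote_memory = True
        elif api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"):
            state.set_context = state.wrote_memory  # only counts after a remote write
        elif api in ("ResumeThread", "NtResumeThread"):
            state.resumed = state.set_context
    return sorted(pid for pid, state in states.items() if state.complete())


def evaluate(events) -> list:
    """Names of the report signatures that the trace satisfies."""
    matched = []
    if detect_ip_lookup(events):
        matched.append("Looks up external IP address via web service")
    if detect_set_thread_context(events):
        matched.append("Suspicious use of SetThreadContext")
    return matched


# Constructed trace (not captured from the sample): hollowing of a .NET host
# binary followed by an external-IP lookup.
HOLLOWING_TRACE = [
    {"kind": "api", "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
              "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 2468}},
    {"kind": "api", "api": "VirtualAllocEx", "args": {"target_pid": 2468, "flProtect": 0x40}},
    {"kind": "api", "api": "WriteProcessMemory", "args": {"target_pid": 2468, "size": 0x2A000}},
    {"kind": "api", "api": "SetThreadContext", "args": {"target_pid": 2468}},
    {"kind": "api", "api": "ResumeThread", "args": {"target_pid": 2468}},
    {"kind": "net", "host": "api.ipify.org", "port": 443},
]

# Constructed benign trace: a debugger-style SetThreadContext with no suspended
# child and no remote write, plus ordinary web traffic.
BENIGN_TRACE = [
    {"kind": "api", "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\System32\notepad.exe",
              "dwCreationFlags": 0, "child_pid": 1312}},
    {"kind": "api", "api": "SetThreadContext", "args": {"target_pid": 1312}},
    {"kind": "net", "host": "www.example.com", "port": 443},
]

if __name__ == "__main__":
    print(evaluate(HOLLOWING_TRACE))
    print(evaluate(BENIGN_TRACE))
```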
