General

  • Target

    7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb.exe

  • Size

    1.3MB

  • Sample

    240403-p3gmdsdc7z

  • MD5

    dfb3dbbbcc145e261f76f54678b4b341

  • SHA1

    25eaaf885074ecfc980ef9f70c53d5f6f3a9c6a1

  • SHA256

    7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb

  • SHA512

    33f5f6c05a03a1dd38e3ac0cb6e4e7bc665a4899368498c6356d71ef12042faab7b7c9a15971b2e806125e55c136fc08389bbbae6d72dcd6807d78a0c68b7f74

  • SSDEEP

    24576:YAHnh+eWsN3skA4RV1Hom2KXMmHavTiXGgHCo3AArvK+5:fh+ZkldoPK8Yav4nAArb

Malware Config

Targets

    • Target

      7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb.exe

    • Size

      1.3MB

    • MD5

      dfb3dbbbcc145e261f76f54678b4b341

    • SHA1

      25eaaf885074ecfc980ef9f70c53d5f6f3a9c6a1

    • SHA256

      7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb

    • SHA512

      33f5f6c05a03a1dd38e3ac0cb6e4e7bc665a4899368498c6356d71ef12042faab7b7c9a15971b2e806125e55c136fc08389bbbae6d72dcd6807d78a0c68b7f74

    • SSDEEP

      24576:YAHnh+eWsN3skA4RV1Hom2KXMmHavTiXGgHCo3AArvK+5:fh+ZkldoPK8Yav4nAArb

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan (RAT) written in C#.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The service itself is benign, so the useful indicator is which process makes the request (and when), not the destination host.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a suspended thread's register state, including its instruction pointer. Outside debuggers this is most often seen in process hollowing (RunPE), where a legitimate process is started suspended, its image is replaced with the payload, and the main thread is redirected into it before ResumeThread.
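
The two host and network behaviours flagged above (a Run-key autostart write and an external-IP lookup) are easy to hunt for together in endpoint telemetry. The following is an added example, not code from the sandbox report or from the malware: it scores processes over constructed Sysmon-style records (event 13 = registry value set, event 22 = DNS query), and the list of IP-lookup hosts is an assumption to be extended from your own proxy data, not something the report provides.

```python
"""Hunt for Run-key persistence plus external-IP lookups in Sysmon-style telemetry.

Added example for the report above; the records and the host list are constructed
assumptions, not data from the report.
"""
import re
from collections import defaultdict

# Registry autostart locations, matched case-insensitively anywhere in the key path.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices)(\\|$)", re.I)

# Directories a legitimate installer rarely uses for an autostart binary.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.I)

# Assumed list of public "what is my IP" services; the services are benign, so a
# match only matters in combination with the requesting process.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ifconfig.me", "ip-api.com", "ipinfo.io",
}

# Constructed records as (event_id, image, target). For event 13 the target is
# "key path|value data"; for event 22 it is the queried name.
SAMPLE_EVENTS = [
    (13, r"C:\Users\alice\AppData\Roaming\svchost32.exe",
     r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"
     r"|C:\Users\alice\AppData\Roaming\svchost32.exe"),
    (22, r"C:\Users\alice\AppData\Roaming\svchost32.exe", "api.ipify.org"),
    (13, r"C:\Program Files\Vendor\setup.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent"
     r"|C:\Program Files\Vendor\agent.exe"),
    (22, r"C:\Program Files\Mozilla Firefox\firefox.exe", "ipinfo.io"),
    (22, r"C:\Windows\System32\svchost.exe", "ctldl.windowsupdate.com"),
]


def run_key_write(target):
    """Return (key, value_data) if an event-13 target is a Run-key write, else None."""
    key, _, data = target.partition("|")
    return (key, data) if RUN_KEY_RE.search(key) else None


def score_process(events):
    """Tag each image with the behaviours it exhibits; images with no tag are omitted."""
    findings = defaultdict(list)
    for event_id, image, target in events:
        if event_id == 13:
            hit = run_key_write(target)
            if hit:
                _key, data = hit
                findings[image].append("run_key")
                if USER_WRITABLE_RE.search(data):
                    findings[image].append("run_key_user_writable")
        elif event_id == 22 and target.lower() in IP_LOOKUP_HOSTS:
            findings[image].append("ip_lookup")
    return dict(findings)


def suspicious(events):
    """Images that show both behaviours, or an autostart pointing into a user-writable dir."""
    flagged = []
    for image, tags in score_process(events).items():
        tags = set(tags)
        if {"run_key", "ip_lookup"} <= tags or "run_key_user_writable" in tags:
            flagged.append(image)
    return sorted(flagged)


if __name__ == "__main__":
    for image, tags in score_process(SAMPLE_EVENTS).items():
        print(image, tags)
    print("suspicious:", suspicious(SAMPLE_EVENTS))
```

On the constructed data only the AppData binary is flagged: the vendor installer writes a Run key but into Program Files, and the browser's lookup of ipinfo.io is an ordinary user action. Tightening the time window between the registry write and the DNS query (the sandbox sees both within seconds of execution) is the natural next filter.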

MITRE ATT&CK Enterprise v15

Tasks