General
- Target: 7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb.exe
- Size: 1.3MB
- Sample: 240403-p3gmdsdc7z
- MD5: dfb3dbbbcc145e261f76f54678b4b341
- SHA1: 25eaaf885074ecfc980ef9f70c53d5f6f3a9c6a1
- SHA256: 7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb
- SHA512: 33f5f6c05a03a1dd38e3ac0cb6e4e7bc665a4899368498c6356d71ef12042faab7b7c9a15971b2e806125e55c136fc08389bbbae6d72dcd6807d78a0c68b7f74
- SSDEEP: 24576:YAHnh+eWsN3skA4RV1Hom2KXMmHavTiXGgHCo3AArvK+5:fh+ZkldoPK8Yav4nAArb
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: 7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb.exe
  - Resource: win10v2004-20240319-en
Malware Config
Targets
- Target: 7b857e330ceb46169459dee53b346a6016660aea63bcc3b7c8df033cf01515eb.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext