General
- Target: copy#10607753.exe
- Size: 274KB
- Sample: 240403-p7hegsdg72
- MD5: e0f776d5c784cc1696ff0e23bb6c86bf
- SHA1: 2411b05684e01da4793451577bf1ba9ddcc3f188
- SHA256: 892ab31c686601fb795155002a84a5a9a5e599d772b069a05926d9b2f6172869
- SHA512: 40afc32c3ad63689f973c2b45d8b16a2ef975417d7dfd66257e9b3da1141f26154464ffc9d0b3d9a70e6dd9d2e93075f49bf7efd9c09d62c5f69812c7006488a
- SSDEEP: 3072:uZm+TPNLR5oKsJY1Cv259mr0pknZ8BI/uYZVGMkTWnIN2zqa0ARlfBWeSV4S/eZm:GmKlN1R7z6tkqnhz5PXlw/w6wAV
Static task: static1
Behavioral task: behavioral1
- Sample: copy#10607753.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: copy#10607753.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: 66.29.151.236
- Port: 587
- Username: [email protected]
- Password: DRaa8A9L3DVc
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: 66.29.151.236
- Port: 587
- Username: [email protected]
- Password: DRaa8A9L3DVc
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext