General
Target: Kmjcdaceubh.exe
Size: 2.3MB
Sample: 240403-p9mf8adh46
MD5: 3e58930a6b36da56f7bdd3d94b41118f
SHA1: a656b7c73ac4a377a13cae34d6c5f100c0f8c21b
SHA256: 63f9a0718e53313ba9da21eeb62b84ef77936a437d177451a2cce0970c2351d5
SHA512: 839c3d9319a3dc1cbda1adcbae3a88f2d44e407f464a3fca81e7a7b631192b5953cccb3533f94272e2b2053869cb8c0ff26a6625c6005e052700dfd9b0e7dbb1
SSDEEP: 49152:9cw4LZw23q7NdpWGAwDop9AVBrjHyULRLBg33L5EaqlkRMC/qSy77sjs:9cnv4dpKgobKN5RLmHtyCcE
Static task: static1
Behavioral task: behavioral1
  Sample: Kmjcdaceubh.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Kmjcdaceubh.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: america123456$
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: america123456$
Targets
Target: Kmjcdaceubh.exe
Size: 2.3MB
MD5: 3e58930a6b36da56f7bdd3d94b41118f
SHA1: a656b7c73ac4a377a13cae34d6c5f100c0f8c21b
SHA256: 63f9a0718e53313ba9da21eeb62b84ef77936a437d177451a2cce0970c2351d5
SHA512: 839c3d9319a3dc1cbda1adcbae3a88f2d44e407f464a3fca81e7a7b631192b5953cccb3533f94272e2b2053869cb8c0ff26a6625c6005e052700dfd9b0e7dbb1
SSDEEP: 49152:9cw4LZw23q7NdpWGAwDop9AVBrjHyULRLBg33L5EaqlkRMC/qSy77sjs:9cnv4dpKgobKN5RLmHtyCcE
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext