General
-
Target
ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.zip
-
Size
2.2MB
-
Sample
240403-xpfryahg7t
-
MD5
1c68d1d29add1d7450782354c9308620
-
SHA1
03248744105212676b19d20a9876d04ad61a4fa4
-
SHA256
9d970a4aad65dec1ba7abec175196e1d869e9d8e0321b41a145e360746ddf419
-
SHA512
bbcefc8f9fe173b3fbb7a30e2c8aa3ab7eb5a688ae6ecafa85df249378749291fd938ec4490459d748d16fc343e573f3b65afb48b66d40f98d1864db8e78aeae
-
SSDEEP
49152:PIeHC2CkVtRt0ey0hYW1cMTFcaCptxLtYLxh7gPw18t1W+HY1VYh0t:geHC2ZZyCDcMTyn9tdwMW+HYI0t
Static task
static1
Behavioral task
behavioral1
Sample
ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: gator3220.hostgator.com
Port: 587
Username: [email protected]
Password: RaFv@tsTUK55@@<<!!
Email To: [email protected]
Targets
-
Target
ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.exe
-
Size
2.2MB
-
MD5
9471c95c2de5fff7e053103962456aec
-
SHA1
1389bdc9ac3d9269f56f69d9f78b9e658a4425ef
-
SHA256
ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a
-
SHA512
85707affb300e3c7aba3c35d0c5d7dd9becf8b75d701ebbf4246266aa6eb3d75367e202f097182b8230d3b708c25f22f91f8b66a4a31bbb450b09bad4741073a
-
SSDEEP
49152:8EhOyEW8+a5jJnEWfRc+505/v4enVbMlTie:8Eh1EAaz7RT5s/AenVoT
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-