General

  • Target

    ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.zip

  • Size

    2.2MB

  • Sample

    240403-xpfryahg7t

  • MD5

    1c68d1d29add1d7450782354c9308620

  • SHA1

    03248744105212676b19d20a9876d04ad61a4fa4

  • SHA256

    9d970a4aad65dec1ba7abec175196e1d869e9d8e0321b41a145e360746ddf419

  • SHA512

    bbcefc8f9fe173b3fbb7a30e2c8aa3ab7eb5a688ae6ecafa85df249378749291fd938ec4490459d748d16fc343e573f3b65afb48b66d40f98d1864db8e78aeae

  • SSDEEP

    49152:PIeHC2CkVtRt0ey0hYW1cMTFcaCptxLtYLxh7gPw18t1W+HY1VYh0t:geHC2ZZyCDcMTyn9tdwMW+HYI0t

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.exe

    • Size

      2.2MB

    • MD5

      9471c95c2de5fff7e053103962456aec

    • SHA1

      1389bdc9ac3d9269f56f69d9f78b9e658a4425ef

    • SHA256

      ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a

    • SHA512

      85707affb300e3c7aba3c35d0c5d7dd9becf8b75d701ebbf4246266aa6eb3d75367e202f097182b8230d3b708c25f22f91f8b66a4a31bbb450b09bad4741073a

    • SSDEEP

      49152:8EhOyEW8+a5jJnEWfRc+505/v4enVbMlTie:8Eh1EAaz7RT5s/AenVoT

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is used by process hollowing and similar injection techniques to point a suspended thread at injected code; debuggers also call it, so treat the hit as a pivot, not a verdict.
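
The following triage helper is an added example and is not part of the sandbox report. It matches a candidate file against the hashes listed above (MD5, SHA1, SHA256 for both the dropper zip and the extracted executable) and scans constructed network log lines for connections to public IP lookup services. The watch-list of lookup hosts, the log line format, and the sample log lines are assumptions for the example; the report itself does not say which service this sample queried.

```python
"""Added triage helper (not part of the sandbox report): match a file against the
report's hash IOCs and flag external-IP-lookup hosts in network log lines."""
import hashlib
import re

ZIP_NAME = "ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.zip"
EXE_NAME = "ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a.exe"

# Digests copied from the report above.
REPORT_IOCS = {
    ZIP_NAME: {
        "md5": "1c68d1d29add1d7450782354c9308620",
        "sha1": "03248744105212676b19d20a9876d04ad61a4fa4",
        "sha256": "9d970a4aad65dec1ba7abec175196e1d869e9d8e0321b41a145e360746ddf419",
    },
    EXE_NAME: {
        "md5": "9471c95c2de5fff7e053103962456aec",
        "sha1": "1389bdc9ac3d9269f56f69d9f78b9e658a4425ef",
        "sha256": "ce055a8a032fb468ce38a511a5ff3a4ca08736fc08b2d3744879800067fe7d6a",
    },
}

# Public-IP lookup services commonly contacted by stealers. Assumption: the
# report does not say which service this sample queried, so this is a generic
# watch-list, not data taken from the sandbox run.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
    "ip-api.com", "ifconfig.me", "ipinfo.io",
}

ALGS = ("md5", "sha1", "sha256")


def digest_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


def match_digests(digests: dict) -> list:
    """Names of report artefacts whose recorded digest equals any supplied one."""
    return [name for name, ioc in REPORT_IOCS.items()
            if any(digests.get(alg) == ioc[alg] for alg in ALGS)]


def match_iocs(data: bytes) -> list:
    """Hash the bytes and compare against every IOC in the report."""
    return match_digests(digest_file_bytes(data))


# Constructed log format for the example: "<timestamp> <image> <destination-host>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def is_ip_lookup_host(host: str) -> bool:
    """True if host is a watch-listed service or a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in IP_LOOKUP_HOSTS for i in range(len(labels)))


def find_ip_lookups(lines) -> list:
    """(timestamp, image, host) for each line whose destination is an IP-lookup service."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_ip_lookup_host(m.group(3)):
            hits.append(m.groups())
    return hits


# Constructed sample log lines (not from the report) to exercise the detector.
SAMPLE_LOG = [
    f"2024-04-03T12:00:01Z {EXE_NAME} checkip.dyndns.org",
    "2024-04-03T12:00:02Z chrome.exe www.example.com",
    f"2024-04-03T12:00:05Z {EXE_NAME} api.ipify.org",
    "2024-04-03T12:00:09Z outlook.exe outlook.office365.com",
]

if __name__ == "__main__":
    print("IOC hits:", match_iocs(b"not the sample"))
    for ts, image, host in find_ip_lookups(SAMPLE_LOG):
        print(f"{ts} {image} -> {host}")
```

Hash matches are exact-match only, so a repacked build of the same family will not hit; pivot on the SSDEEP values above for near-duplicates. An IP lookup hit on its own is weak evidence, since legitimate software also queries these services; the combination of a lookup shortly after process start with the SetThreadContext signature is what makes it worth escalating.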

MITRE ATT&CK Matrix

Tasks