General

Target: 2024-04-11-12.zip
Size: 1.4MB
Sample: 240419-kj853sda72
MD5: e1ddfadee8f8d4f0211436372c8e3643
SHA1: d2c7fe614d3bb068492e53aa0cdfc5d9dc13164c
SHA256: 02730e71f328c1db18bd641ee44c7b6f83f6b48491f46339168e13dd6ebe0e3e
SHA512: eb9e3713409f4e61dfc745f81098eabcc0eb59b392869583da6a72ce8c3428a3109cc10d4728bbd4b428a127049f0dc33f8af7375035bdf38401c3379e46ac7d
SSDEEP: 24576:W2o5K6a2hnoSzfj7+D3x6lsRcQzoPm6KzRFbqLnG/c0q1DD6/QZk040X:W28aUoSgisSSoPm6fLG/hpMX
Behavioral tasks

behavioral1
  Sample: 334e2c89c9ee7b4522bbd263cc1fe59065d6a1a21919e11504158266bed762b8.exe
  Resource: win7-20240215-ja

behavioral2
  Sample: 334e2c89c9ee7b4522bbd263cc1fe59065d6a1a21919e11504158266bed762b8.exe
  Resource: win10v2004-20240226-ja

behavioral3
  Sample: 4e7e2546901dc10eda0b3ec5237250129899018f3464bc33dc626952134435b9.exe
  Resource: win7-20240221-ja

behavioral4
  Sample: 4e7e2546901dc10eda0b3ec5237250129899018f3464bc33dc626952134435b9.exe
  Resource: win10v2004-20240412-ja

behavioral5
  Sample: c5c810beaf075f8fee52146b381b0f94a6e303fada3bce12bcc07fbfa07ba07e.exe
  Resource: win7-20240221-ja

behavioral6
  Sample: c5c810beaf075f8fee52146b381b0f94a6e303fada3bce12bcc07fbfa07ba07e.exe
  Resource: win10v2004-20240412-ja
Malware Config

Extracted: mirai
  WICKED

Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: eddie101
  Email To: [email protected]

Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: vZBznnd5

Extracted
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: eddie101
Targets

Target: 334e2c89c9ee7b4522bbd263cc1fe59065d6a1a21919e11504158266bed762b8.exe
Size: 1.3MB
MD5: 26d4481358be879c74a936ae21fd125e
SHA1: 9b6fb5e4899a28ca77efd193a673ef4cf4d79cda
SHA256: 334e2c89c9ee7b4522bbd263cc1fe59065d6a1a21919e11504158266bed762b8
SHA512: 8f25d136919c4aa65b5c75d5ad406f98510e817901747ceef33c94f03c7fd0863d694949d2eb15608532c3d624f305cd224161cfb26da9592a2f25716fcd1861
SSDEEP: 24576:wAHnh+eWsN3skA4RV1Hom2KXMmHabVCjdWh/gJNdXi6K5:nh+ZkldoPK8YabgpWBgJNdy

  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Detect ZGRat V1
  Suspicious use of SetThreadContext

Target: 4e7e2546901dc10eda0b3ec5237250129899018f3464bc33dc626952134435b9.exe
Size: 659KB
MD5: 5fe186dba01e6ee8355f8983bd13944e
SHA1: b5c75991cc0e0e6baa12666691fcf38884d6abf6
SHA256: 4e7e2546901dc10eda0b3ec5237250129899018f3464bc33dc626952134435b9
SHA512: 3fcbfd546f7477d3d68f5f0b266eb493e49e6012494b00519779c4c8c80ecf67bd3074765dce94f252cd49635a1a7b3066fa2f3f4bbdfb1bca27263f36ceac25
SSDEEP: 12288:OcKsWWTVwiuHJBS67H77HVeHG6S7IPOixS1wx3vqzw1RgI7:GsWW5wbHJc67HvcHG97IPU+q+Rgm
Score: 10/10

  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Suspicious use of SetThreadContext

Target: c5c810beaf075f8fee52146b381b0f94a6e303fada3bce12bcc07fbfa07ba07e.exe
Size: 234KB
MD5: dc591fd6d108b50bd9aa1f3dce2f3fe4
SHA1: 3fea40223c02a15678912a29147d2b32d05c46df
SHA256: c5c810beaf075f8fee52146b381b0f94a6e303fada3bce12bcc07fbfa07ba07e
SHA512: cb15f32184d16a718017578b869b44c2d23d76348fda0cbc9f460c4132f9fd123f06485bbcc5281812ec67f7bc17ed04a69ab0cae1636d4b2db2f45fd798a2f8
SSDEEP: 3072:z+ymieCL2QfOdb/TmqtbqRFP55EMX+CWQ:z+ymieCLPfOdbqq9qRFvXJW
Score: 10/10

  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.