General
- Target: 45a304d1c72e9a3a698ab6151337ed22d667c5491d1f6444436fe4678599b40b.exe
- Size: 124KB
- Sample: 240420-lglsfade67
- MD5: f7ae6120e6bfe2a2cc888561e84bedb3
- SHA1: 58362a2a8aead86b28d9ce5fd6c2127473b304fd
- SHA256: 45a304d1c72e9a3a698ab6151337ed22d667c5491d1f6444436fe4678599b40b
- SHA512: e48d1d4f42d08d0ac89882fdb5482eb5896ed3d5acb0a91ca6d89d45be7c008361a6ea44b4e42ce2357dcae4de6d7e68017d06c6866575ea86ccea682ff06127
- SSDEEP: 3072:jZe4Kq6qTvkplu6ykDxSTlWoJl0ovJvWR46fJb7AD8HPYj/7:jRRvmu6wAYr7
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 45a304d1c72e9a3a698ab6151337ed22d667c5491d1f6444436fe4678599b40b.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 45a304d1c72e9a3a698ab6151337ed22d667c5491d1f6444436fe4678599b40b.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted
- Protocol: smtp
- Host: 66.29.151.236
- Port: 587
- Username: [email protected]
- Password: ZVtYXa0UPp63

Extracted (agenttesla)
- Protocol: smtp
- Host: 66.29.151.236
- Port: 587
- Username: [email protected]
- Password: ZVtYXa0UPp63
- Email To: [email protected]
Targets
- Target: 45a304d1c72e9a3a698ab6151337ed22d667c5491d1f6444436fe4678599b40b.exe
- Size: 124KB
- MD5: f7ae6120e6bfe2a2cc888561e84bedb3
- SHA1: 58362a2a8aead86b28d9ce5fd6c2127473b304fd
- SHA256: 45a304d1c72e9a3a698ab6151337ed22d667c5491d1f6444436fe4678599b40b
- SHA512: e48d1d4f42d08d0ac89882fdb5482eb5896ed3d5acb0a91ca6d89d45be7c008361a6ea44b4e42ce2357dcae4de6d7e68017d06c6866575ea86ccea682ff06127
- SSDEEP: 3072:jZe4Kq6qTvkplu6ykDxSTlWoJl0ovJvWR46fJb7AD8HPYj/7:jRRvmu6wAYr7

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext