General
Target: b8bb4bd7bd97381f0947d10bef87e2d2f0ef0e5983cd73484dd944ebc628bcc1
Size: 218KB
Sample: 240424-bsajfade9z
MD5: df318c34ca90b7238017b2653798a0a8
SHA1: 3196454b6cc22d3e14e42177e533a38cfebe0e73
SHA256: b8bb4bd7bd97381f0947d10bef87e2d2f0ef0e5983cd73484dd944ebc628bcc1
SHA512: debd0143d2a927ecac942daa3640bebc206e2b9de66d7155a53524a4a51a075497458340947ac30991c29bc8b874b841b04e03104c1872d17041ed9d8603b1b2
SSDEEP: 3072:UmaibQw5tKM/717+wUPnS21mQbnc+BR0pKREX/WONBuwrhmc7U1iIyx1IhNXOXcg:S+86uwrhmkErFDnXAgkH
Static task: static1
Behavioral task: behavioral1
  Sample: b8bb4bd7bd97381f0947d10bef87e2d2f0ef0e5983cd73484dd944ebc628bcc1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b8bb4bd7bd97381f0947d10bef87e2d2f0ef0e5983cd73484dd944ebc628bcc1.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted (family: agenttesla)
  Protocol: smtp
  Host: 66.29.151.236
  Port: 587
  Username: [email protected]
  Password: ZVtYXa0UPp63
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: 66.29.151.236
  Port: 587
  Username: [email protected]
  Password: ZVtYXa0UPp63
Targets
- Target: b8bb4bd7bd97381f0947d10bef87e2d2f0ef0e5983cd73484dd944ebc628bcc1
  Size: 218KB
  MD5: df318c34ca90b7238017b2653798a0a8
  SHA1: 3196454b6cc22d3e14e42177e533a38cfebe0e73
  SHA256: b8bb4bd7bd97381f0947d10bef87e2d2f0ef0e5983cd73484dd944ebc628bcc1
  SHA512: debd0143d2a927ecac942daa3640bebc206e2b9de66d7155a53524a4a51a075497458340947ac30991c29bc8b874b841b04e03104c1872d17041ed9d8603b1b2
  SSDEEP: 3072:UmaibQw5tKM/717+wUPnS21mQbnc+BR0pKREX/WONBuwrhmc7U1iIyx1IhNXOXcg:S+86uwrhmkErFDnXAgkH
  Signatures:
  - AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Detect ZGRat V1
  - Adds Run key to start application
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext