General
Target: ec3c25a27333e107a0dcc38358c66afbe43f55dcb6a56c7c40b09523b7a3a3e2
Size: 1.7MB
Sample: 240424-phfjlahg58
MD5: 20924ccaaf10b17dc1b9feaaadaf140c
SHA1: be07f4021e89ded89fce3c4a79c854af68aa8cce
SHA256: ec3c25a27333e107a0dcc38358c66afbe43f55dcb6a56c7c40b09523b7a3a3e2
SHA512: 2b83de8f85336bb8f5474701b73dd1d9933b84ffff1d98c95e62441115c69c9a4a97cc9fd88421e0a07d38066299968cf6d95f6228997c6a2a328e8ab0de4354
SSDEEP: 49152:P8vBrX/uLWrIA9RkvkeZZLu4NznpVIzjWCYJOQ:P8vN2FA94ZZLVj3Izjry
Static task: static1
Behavioral task: behavioral1
Sample: Iytijfnhghrg.exe
Resource: win7-20240220-en
Malware Config
Extracted (family: agenttesla)
Protocol: smtp
Host: mail.gencoldfire.com
Port: 587
Username: [email protected]
Password: dsznE{%*a*0gL1r3
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.gencoldfire.com
Port: 587
Username: [email protected]
Password: dsznE{%*a*0gL1r3
Targets
Target: Iytijfnhghrg.exe
Size: 8.8MB
MD5: 4eb498c102ebe6ac81fd49b7546d76f7
SHA1: 6c951df3dbd5b67fe76eab348793b49f8403104e
SHA256: e00ad0d7a897f7cac915eee1ab4e4506baf64599a2d368d5f26af554747e681c
SHA512: b5f94ec92796d5d7f612c89b8d9d8babd2426f99d11bc6e90977bfdf5e7d2bb53ffdd0dd36c83350f2373c2a034d71d1ffaff1f6109d86d7052e252a79d9ef04
SSDEEP: 196608:hhQM+RxVZDQeSJgCvBlVeBFQMh328oWR1i1QDgEF7WiiyoEf81HnDYVDkV4519NQ:hhQM+RxVZDQeSJgCvBlVeBFQMh328oW4
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-