General
- Target: e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0
- Size: 1.1MB
- Sample: 240425-b4st6ada66
- MD5: d90b4dbea769da538ed3e81d35f5ac9e
- SHA1: 294b4c72e4c65660cb47e07b9409b91deb183da6
- SHA256: e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0
- SHA512: 88513629125268e52075f5ecbff042999b6f870b4a1fe3a01f5e3a55bd99fca62323ea0e9c52d2cae15a6ee9d488afd56544655d7f7f5e6b06496169174f1844
- SSDEEP: 24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8aoVEKLfAEo4Zcu+AsNw:eTvC/MTQYxsWR7aojAuY
Static task
- static1
Behavioral task
- behavioral1: sample e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0.exe, resource win7-20240220-en
Behavioral task
- behavioral2: sample e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0.exe, resource win10v2004-20240226-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.deeptrans.com.tr
- Port: 587
- Username: [email protected]
- Password: 59ace821A
These are the mail-submission credentials the sample uses to send stolen data; the host, port and mailbox are the network indicators to hunt for.
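The two checks a responder usually wants from a report like this, as an added example that is not part of the sandbox report or any vendor tooling: verify that a binary in hand really is the sample described (recompute the four listed digests), and hunt connection logs for the SMTP server in the extracted config. The hashes and config values are copied from the report; the key=value log format and the log lines are constructed for illustration and the `Hit`/`find_exfil_connections` names are this example's own. SSDEEP is not recomputed here because it needs a third-party library.

```python
"""Added example (not from the report): hash verification plus a log hunt
for the extracted Agent Tesla SMTP exfiltration server."""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List

# Digests listed in the report, lower-case hex.
REPORT_HASHES = {
    "md5": "d90b4dbea769da538ed3e81d35f5ac9e",
    "sha1": "294b4c72e4c65660cb47e07b9409b91deb183da6",
    "sha256": "e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0",
    "sha512": "88513629125268e52075f5ecbff042999b6f870b4a1fe3a01f5e3a55bd99fca6"
              "2323ea0e9c52d2cae15a6ee9d488afd56544655d7f7f5e6b06496169174f1844",
}

# Extracted config from the report (the mailbox name is redacted on the page).
EXFIL_CONFIG = {"protocol": "smtp", "host": "mail.deeptrans.com.tr", "port": 587}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Map each algorithm to True/False. All True means `data` is the report's
    sample; comparing all four also exposes a mistyped hash in a ticket."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def verify_file(path: str, expected: dict = REPORT_HASHES) -> bool:
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as fh:
        return all(verify_sample(fh.read(), expected).values())


@dataclass
class Hit:
    line_no: int
    src: str
    dst: str
    dport: int
    reason: str


# Constructed key=value connection records (not real traffic from the sample).
SAMPLE_LOG = [
    "ts=2024-04-25T10:01:02Z src=10.0.0.5 dst=update.microsoft.com dport=443 proto=tcp",
    "ts=2024-04-25T10:01:09Z src=10.0.0.5 dst=mail.deeptrans.com.tr dport=587 proto=tcp",
    "ts=2024-04-25T10:02:11Z src=10.0.0.7 dst=smtp.office365.com dport=587 proto=tcp",
    "ts=2024-04-25T10:03:00Z src=10.0.0.9 dst=mail.example.net dport=587 proto=tcp",
]

KV = re.compile(r"(\w+)=(\S+)")


def find_exfil_connections(lines: Iterable[str], cfg: dict = EXFIL_CONFIG,
                           mail_allowlist: Iterable[str] = ()) -> List[Hit]:
    """Flag connections to the configured C2 mail host exactly, plus any other
    outbound use of the configured port to a host not on the allowlist: the
    mailbox varies between Agent Tesla builds, the submission port less so."""
    allow = {h.lower() for h in mail_allowlist}
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        f = dict(KV.findall(line))
        if "dst" not in f or not f.get("dport", "").isdigit():
            continue  # malformed or unrelated record
        dst = f["dst"].lower().rstrip(".")
        dport = int(f["dport"])
        src = f.get("src", "?")
        if dst == cfg["host"]:
            hits.append(Hit(n, src, dst, dport, "known Agent Tesla exfil mail server"))
        elif dport == cfg["port"] and dst not in allow:
            hits.append(Hit(n, src, dst, dport, "mail submission to non-allowlisted host"))
    return hits


if __name__ == "__main__":
    for h in find_exfil_connections(SAMPLE_LOG, mail_allowlist=["smtp.office365.com"]):
        print(f"line {h.line_no}: {h.src} -> {h.dst}:{h.dport} ({h.reason})")
```

Put your corporate mail relays on the allowlist; anything else talking to port 587 from a workstation deserves a look even when the destination is not the exact host in this config.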
Targets
- Target: e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0
- Size: 1.1MB
- MD5: d90b4dbea769da538ed3e81d35f5ac9e
- SHA1: 294b4c72e4c65660cb47e07b9409b91deb183da6
- SHA256: e4742ef466dd828202db9a22bee89a4835b3e3600a202da218c42a44610a2bc0
- SHA512: 88513629125268e52075f5ecbff042999b6f870b4a1fe3a01f5e3a55bd99fca62323ea0e9c52d2cae15a6ee9d488afd56544655d7f7f5e6b06496169174f1844
- SSDEEP: 24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8aoVEKLfAEo4Zcu+AsNw:eTvC/MTQYxsWR7aojAuY
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (early builds were written in Visual Basic .NET); the extracted config shows this build exfiltrating over SMTP.
- Detect ZGRat V1
- Adds Run key to start application (persistence via a value under the registry Run key)
- Suspicious use of SetThreadContext (typical of process hollowing or other thread-hijacking injection into a suspended process)
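How the "Adds Run key to start application" behaviour shows up in endpoint telemetry, as an added example that is not part of the sandbox report: Sysmon Event ID 13 (RegistryEvent, value set) records the writing process (Image), the key and value name (TargetObject) and the data written (Details). The events below are constructed in that flattened shape for illustration, not captured from this sample, and the `updater.exe`/`VendorTray` names are invented. SetThreadContext use is not visible in registry events and is not covered here.

```python
"""Added example (not from the report): flag Run/RunOnce persistence in
Sysmon Event ID 13 records, rating it higher when the autostart command or
the writer lives in a user-writable directory (the usual stealer pattern)."""
import json
import re
from typing import Iterable, List, Optional

# A value written directly under ...\CurrentVersion\Run or \RunOnce
# (matches HKLM, HKU and Wow6432Node paths alike).
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.IGNORECASE)
# Locations an unprivileged process can drop a payload into.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Users\\Public)\\", re.IGNORECASE)

# Constructed events in the shape of flattened Sysmon JSON (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe" /background'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]
SAMPLE_JSONL = [json.dumps(e) for e in SAMPLE_EVENTS]


def classify_registry_event(ev: dict) -> Optional[dict]:
    """Return a finding for a Run/RunOnce value being set, else None."""
    if ev.get("EventID") != 13:
        return None
    m = RUN_KEY.search(ev.get("TargetObject", ""))
    if not m:
        return None
    details, image = ev.get("Details", ""), ev.get("Image", "")
    suspicious_path = USER_WRITABLE.search(details) or USER_WRITABLE.search(image)
    return {
        "severity": "high" if suspicious_path else "medium",
        "key": m.group(1),
        "value_name": m.group(2),
        "command": details,
        "writer": image,
    }


def scan_sysmon_jsonl(lines: Iterable[str]) -> List[dict]:
    """Parse one JSON event per line and collect Run-key findings in order."""
    findings: List[dict] = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        finding = classify_registry_event(ev)
        if finding:
            findings.append(finding)
    return findings


def scan_sample() -> List[dict]:
    """Run the scanner over the constructed events."""
    return scan_sysmon_jsonl(SAMPLE_JSONL)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"[{f['severity']}] {f['key']}\\{f['value_name']} = {f['command']} (written by {f['writer']})")
```

A medium finding for a vendor installer writing under Program Files is normal noise; a high finding where both the writer and the autostart target sit in AppData is the pattern to escalate, and the Details value tells you which file to pull for hashing against the report.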