General
-
Target
0766dcf703dbf0243d873fff3b325054eee96ce58a9753ac8aa9891c311b4434.exe
-
Size
1.2MB
-
Sample
240425-beek8sce68
-
MD5
52e4f8ee79c595a890bc451dfbbbb9f4
-
SHA1
12b24cc207161c893d5c87fc12453c083275d11f
-
SHA256
0766dcf703dbf0243d873fff3b325054eee96ce58a9753ac8aa9891c311b4434
-
SHA512
b10bad66f74786fef8e514c807700127e5518f3b64f14c6f05585f65bf01da7e0ff38de338e88ff1d5698e7c7a4c6f60a3294066ce7ea0d7b8a2881a67e3fcea
-
SSDEEP
24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8alPCJcAwNhy:sTvC/MTQYxsWR7alPC6B
Malware Config
Targets
-
-
Target
0766dcf703dbf0243d873fff3b325054eee96ce58a9753ac8aa9891c311b4434.exe
-
Size
1.2MB
-
MD5
52e4f8ee79c595a890bc451dfbbbb9f4
-
SHA1
12b24cc207161c893d5c87fc12453c083275d11f
-
SHA256
0766dcf703dbf0243d873fff3b325054eee96ce58a9753ac8aa9891c311b4434
-
SHA512
b10bad66f74786fef8e514c807700127e5518f3b64f14c6f05585f65bf01da7e0ff38de338e88ff1d5698e7c7a4c6f60a3294066ce7ea0d7b8a2881a67e3fcea
-
SSDEEP
24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8alPCJcAwNhy:sTvC/MTQYxsWR7alPC6B
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-