General
- Target: b30a58ce72aec027c03ec9b9efcb15f71a140ecfd53b3fc998a1ac867162313b
- Size: 1.2MB
- Sample: 240426-bwvc1sgh7z
- MD5: ccefe6ffa02717d8b3d69f04917db981
- SHA1: a1f4495190b1d0e930bb3c666b510d64eb9376ee
- SHA256: b30a58ce72aec027c03ec9b9efcb15f71a140ecfd53b3fc998a1ac867162313b
- SHA512: 3c949a26ea29d8bf87348f91864262a6bb50ca7784de4fd7eeb9668a2365e10bc1ab6846e85cfe697e12dee5bf5400d13c29555f33887ae8cfbddf531334aa26
- SSDEEP: 24576:cqDEvCTbMWu7rQYlBQcBiT6rprG8ajq+EUUPPXYqOdxQNj:cTvC/MTQYxsWR7ajq+bUHgrQ
Static task: static1
Behavioral task: behavioral1
Sample: b30a58ce72aec027c03ec9b9efcb15f71a140ecfd53b3fc998a1ac867162313b.exe
Resource: win7-20240221-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.aquareklam.com
- Port: 587
- Username: info@aquareklam.com
- Password: Aqua1923
Targets
- Target: b30a58ce72aec027c03ec9b9efcb15f71a140ecfd53b3fc998a1ac867162313b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext