General
Target: 6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
Size: 47KB
Sample: 240426-ctxwsshc5x
MD5: 46be9c50445080232ef8212d55d93360
SHA1: 9e5f529a03375ccc8f55cb2ee7f5ed679ae79242
SHA256: 6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
SHA512: 2316ef5819e534af19a7a308e543a4bb53239ffd2a56394bf7512b0ac36ec3f207e9917d75947f422a3e4f9a1a755e5cc9f22998e981f63cf6049b42aa58f730
SSDEEP: 768:4zMktxthaDNwYRvweCkJdsblgTEdIHPIDwkPrFGSCvfIHOJUUTJf9oRpBGBbV6Vn:4zMktxth6qYdelIEdIv4PxGrUKUuJlQ1
Static task: static1
Behavioral task: behavioral1
  Sample: 6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950.exe
  Resource: win10v2004-20240412-en
Malware Config
Both extractions below describe the same SMTP exfiltration account; the second is the family-tagged extraction and adds the recipient mailbox the stolen data is sent to.
Extracted
  Protocol: smtp
  Host: mail.wassadadvogados.com.br
  Port: 587
  Username: majicboyyy@wassadadvogados.com.br
  Password: TkuGA;DYH+It
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.wassadadvogados.com.br
  Port: 587
  Username: majicboyyy@wassadadvogados.com.br
  Password: TkuGA;DYH+It
  Email To: majicman@afprofiters.com
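The extracted config tells a defender what the exfiltration looks like on the wire: AgentTesla authenticates to the configured mail server with SMTP AUTH, so in a session without STARTTLS the username and password appear as bare base64 tokens after AUTH LOGIN (or as one base64 token after AUTH PLAIN), followed by MAIL FROM and RCPT TO envelopes. The following is an added example written for this page, not code from the sandbox or from the malware: it parses a client/server SMTP transcript, decodes the credential tokens, and reports which of the indicators above a session matches. The transcripts are constructed, not captured traffic; the hostname DESKTOP-7F3K2Q and the server banners are invented. Port 587 is the submission port and is normally upgraded with STARTTLS, in which case only the destination host and port remain visible, which the example handles by stopping at STARTTLS.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import Optional

# Indicators taken from the AgentTesla config extracted on this page.
IOC = {
    "host": "mail.wassadadvogados.com.br",
    "port": 587,
    "username": "majicboyyy@wassadadvogados.com.br",
    "recipient": "majicman@afprofiters.com",
}

ENVELOPE_RE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^>\s]+)>?", re.IGNORECASE)


def b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def b64d(token: str) -> str:
    return base64.b64decode(token).decode(errors="replace")


@dataclass
class SmtpSession:
    starttls: bool = False
    auth_user: Optional[str] = None
    auth_password: Optional[str] = None
    mail_from: Optional[str] = None
    rcpt_to: list = field(default_factory=list)


def parse_smtp_session(transcript: list) -> SmtpSession:
    """Parse 'C: ...' / 'S: ...' lines. Stops at STARTTLS: after the server's
    220 reply, AUTH and envelope commands travel inside TLS and are invisible."""
    sess = SmtpSession()
    client = [line[3:] for line in transcript if line.startswith("C: ")]
    i = 0
    while i < len(client):
        cmd = client[i]
        upper = cmd.upper()
        if upper == "STARTTLS":
            sess.starttls = True
            break
        if upper == "AUTH LOGIN":
            # Server prompts 334 VXNlcm5hbWU6 then 334 UGFzc3dvcmQ6 ("Username:",
            # "Password:"); the client answers each with a bare base64 token.
            if i + 2 < len(client):
                sess.auth_user = b64d(client[i + 1])
                sess.auth_password = b64d(client[i + 2])
            i += 3
            continue
        if upper.startswith("AUTH PLAIN "):
            # AUTH PLAIN packs "\0user\0password" into a single base64 token.
            parts = b64d(cmd.split(" ", 2)[2]).split("\0")
            if len(parts) == 3:
                sess.auth_user, sess.auth_password = parts[1], parts[2]
        m = ENVELOPE_RE.match(cmd)
        if m:
            if m.group(1).upper() == "MAIL FROM":
                sess.mail_from = m.group(2)
            else:
                sess.rcpt_to.append(m.group(2))
        i += 1
    return sess


def match_iocs(sess: SmtpSession, dst_host: str, dst_port: int) -> list:
    """Return which of the page's indicators a parsed session matches."""
    hits = []
    if dst_host.lower() == IOC["host"]:
        hits.append("host")
    if dst_port == IOC["port"]:
        hits.append("port")
    if sess.auth_user == IOC["username"]:
        hits.append("username")
    if sess.mail_from == IOC["username"]:
        hits.append("sender")
    if IOC["recipient"] in sess.rcpt_to:
        hits.append("recipient")
    return hits


def constructed_plaintext_session() -> list:
    """Constructed transcript (not captured traffic): AUTH LOGIN without
    STARTTLS, using the credentials from the extracted config."""
    return [
        "S: 220 mail.wassadadvogados.com.br ESMTP",
        "C: EHLO DESKTOP-7F3K2Q",
        "S: 250-mail.wassadadvogados.com.br",
        "S: 250 AUTH LOGIN PLAIN",
        "C: AUTH LOGIN",
        "S: 334 " + b64("Username:"),
        "C: " + b64(IOC["username"]),
        "S: 334 " + b64("Password:"),
        "C: " + b64("TkuGA;DYH+It"),
        "S: 235 2.7.0 Authentication successful",
        "C: MAIL FROM:<majicboyyy@wassadadvogados.com.br>",
        "S: 250 OK",
        "C: RCPT TO:<majicman@afprofiters.com>",
        "S: 250 OK",
    ]


def constructed_starttls_session() -> list:
    """Constructed transcript where the client upgrades to TLS before AUTH;
    only the destination host and port remain matchable."""
    return [
        "S: 220 mail.wassadadvogados.com.br ESMTP",
        "C: EHLO DESKTOP-7F3K2Q",
        "S: 250-mail.wassadadvogados.com.br",
        "S: 250 STARTTLS",
        "C: STARTTLS",
        "S: 220 Ready to start TLS",
    ]
```

Against the plaintext transcript every indicator matches, including the sender, because AgentTesla sends from the same mailbox it authenticates as. Against the STARTTLS transcript only host and port match, so a network rule built from this config should key on the destination host and port first and treat the decoded mailbox as a bonus when the session is in the clear.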
Targets
Target: 6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
Size: 47KB
MD5: 46be9c50445080232ef8212d55d93360
SHA1: 9e5f529a03375ccc8f55cb2ee7f5ed679ae79242
SHA256: 6c1fbca58e9bc53ea7f16540f883e15e78cf2c917050c6b97f680cd519524950
SHA512: 2316ef5819e534af19a7a308e543a4bb53239ffd2a56394bf7512b0ac36ec3f207e9917d75947f422a3e4f9a1a755e5cc9f22998e981f63cf6049b42aa58f730
SSDEEP: 768:4zMktxthaDNwYRvweCkJdsblgTEdIHPIDwkPrFGSCvfIHOJUUTJf9oRpBGBbV6Vn:4zMktxth6qYdelIEdIv4PxGrUKUuJlQ1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
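Three of the signatures above (Run key persistence, external IP lookup, and the SMTP exfiltration implied by the extracted config) correspond to telemetry a defender can check in endpoint logs. The following is an added example written for this page, not the sandbox's own detection logic: it maps Sysmon events, represented as dicts, onto those three behaviours. The events are constructed; the report does not give the Run value name, the persisted path, the SID, or which IP lookup service the sample used, so those values are invented, and the set of lookup domains is an assumed list of well-known services rather than anything taken from the report.

```python
import re

# Run and RunOnce keys under HKLM or HKCU, including the Wow6432Node view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\",
    re.IGNORECASE,
)
# Locations a non-admin user can write to; a Run value pointing here is the
# typical shape of commodity-stealer persistence.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Roaming|Local)|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)
# Assumed list of well-known external-IP lookup services. The report only
# says "a legitimate IP lookup service"; it does not name which one was used.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}
# From the AgentTesla config extracted on this page.
EXFIL_HOST = "mail.wassadadvogados.com.br"
EXFIL_PORT = 587


def triage_events(events: list) -> list:
    """Map Sysmon events onto the report's signatures.

    Event ID 13 = registry value set, 22 = DNS query, 3 = network connection.
    Each finding records the event index, a tag and the matched value."""
    findings = []
    for idx, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append({
                "event": idx,
                "tag": "run_key_persistence",
                "value": ev["TargetObject"],
                # Details holds the command the Run value will launch.
                "user_writable_target": bool(USER_WRITABLE_RE.search(ev.get("Details", ""))),
            })
        elif eid == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS:
            findings.append({"event": idx, "tag": "external_ip_lookup", "value": ev["QueryName"]})
        elif (eid == 3 and ev.get("DestinationHostname", "").lower() == EXFIL_HOST
              and ev.get("DestinationPort") == EXFIL_PORT):
            findings.append({
                "event": idx,
                "tag": "smtp_to_exfil_host",
                "value": f"{ev['DestinationHostname']}:{ev['DestinationPort']}",
            })
    return findings


def constructed_sysmon_events() -> list:
    """Constructed events in the field shape Sysmon emits. Value names, paths,
    the SID and the lookup domain are invented; the report gives none of them."""
    return [
        {"EventID": 1, "Image": r"C:\Windows\explorer.exe"},
        {"EventID": 13,
         "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
         "Details": r"C:\Users\user\AppData\Roaming\Updater\Updater.exe"},
        {"EventID": 22, "QueryName": "api.ipify.org"},
        {"EventID": 3, "DestinationHostname": "mail.wassadadvogados.com.br", "DestinationPort": 587},
        # A Run value pointing into Program Files: still persistence, but not
        # the user-writable pattern, so it is reported with the flag cleared.
        {"EventID": 13,
         "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
         "Details": r"C:\Program Files\Vendor\tray.exe"},
        # Same host on 443 is not the configured submission port; not reported.
        {"EventID": 3, "DestinationHostname": "mail.wassadadvogados.com.br", "DestinationPort": 443},
    ]
```

The user_writable_target flag is what separates a Run value worth paging on from routine software autostarts: the sandbox signature fires on any Run key write, but on a real fleet the combination of a Run value launching from AppData together with a connection to the configured mail host on 587 is the pairing that points at this sample's behaviour.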