General
Target: f24cb6c387d23fdce4caecadba3bf24f1d4e0e45934060dfd6492fdb4aed3239.rar
Size: 662KB
Sample: 240427-b4csyahc9v
MD5: 8114ae707d7630639e2dc0d5cfd5074d
SHA1: 203b82d1ca67da4dea849985642f120f132dc54e
SHA256: f24cb6c387d23fdce4caecadba3bf24f1d4e0e45934060dfd6492fdb4aed3239
SHA512: 6daf7b5c50ddd1605600f6a0d7377d7b1ce5c64ebb568bd0d062e2c25466121ef118890f0205c59a7421a28d4bb186a2078f4b02c1ddf83f1dcc9c047dd9adf3
SSDEEP: 12288:JuIbhfaJwhgB2rEJIWnwPxgmKo6jhPmmCKD4b/XAT9VBEUbI1BObTmw/:fd102r/WwJgmAP5CKD4jATTBbbQeTmE
Static task: static1
Behavioral task: behavioral1
Sample: PO 50018137-14.pdf.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: PO 50018137-14.pdf.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: PO 50018137-14.pdf.exe
Size: 1.2MB
MD5: 7f3495645a47fbe0aed3b69518af96c3
SHA1: 91a01966c9007daed292e9a7fcacc29cac90abe9
SHA256: ebf3c83dc7467d503cf0ad20f47b4042dbefb543eae593e605a17cec9e8f3953
SHA512: 78ba7f692c8d207a8e9685c83d06fd25fd3e6297ed757ffa15e4ee68fa852bdb802fdf1a680b58512c32755356a3ef961c5e8bcec986a8099df8f172b96e240b
SSDEEP: 24576:LqDEvCTbMWu7rQYlBQcBiT6rprG8aOuLpHmBzFFM1ONQ9:LTvC/MTQYxsWR7aOuezPXy
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Detects packed .NET executables. Mostly AgentTesla V4.
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables referencing Windows vault credential objects. Observed in information stealers.
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
Detects executables referencing many email and collaboration clients. Observed in information stealers.
Detects executables referencing many file transfer clients. Observed in information stealers.
Adds Run key to start application
Suspicious use of SetThreadContext