General
- Target: bffbe3d33b81e72be97cab2bdaf1500275523f964fb95c0c330de60279b20605
- Size: 8.8MB
- Sample: 240427-bgzdesff92
- MD5: 90edcc628fcbb730078d988c74d1d674
- SHA1: 6b4d1c85f185bc5de99cd12c9dcd9d06de193e36
- SHA256: bffbe3d33b81e72be97cab2bdaf1500275523f964fb95c0c330de60279b20605
- SHA512: 51f411c044b799e6a7fd01b386f04f70e0c61482f52253464ce030b5d599f1b76c5207d06da19b47897810006cdd213f074c0fb4667d6d76b466a6c5987ba79e
- SSDEEP: 196608:d+p+KxhZ0olCUpygrdaKPMYZL6yrQSFyMYjuz+xxW7FCBezToy:7C/CGyg/1L6yrhFyMUy+x88Mky
Static task: static1
Behavioral task: behavioral1
- Sample: bffbe3d33b81e72be97cab2bdaf1500275523f964fb95c0c330de60279b20605.exe
- Resource: win7-20240215-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.apexrnun.com
- Port: 587
- Username: [email protected]
- Password: CCu5Z?WuH+bS4hsz
- Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext