General
- Target: EPQ.exe
- Size: 1.2MB
- Sample: 240501-p9sy1ahe52
- MD5: 615b4b1ddc71f4928bf4afdfaa68231f
- SHA1: 73c81d78040e61f77f87e2bcb3451cb187128d17
- SHA256: de8e969262354abb8f4bcc774639973c44d0b84611f6622dd5f0464c760e2ebc
- SHA512: dce6b144f554acb73ac2d35de860849dd0807379818e186b9f72f38369760bc9b9234955d6d7b44be399e66031621eccd41a00db09dd3d3109f26e17e39ca04a
- SSDEEP: 24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8aA5Xq+lobrks/pim:GTvC/MTQYxsWR7aAp3ozp
Static task: static1
Behavioral task: behavioral1
Sample: EPQ.exe
Resource: win7-20240221-en
Malware Config
Targets
- Target: EPQ.exe
- Size: 1.2MB
- MD5: 615b4b1ddc71f4928bf4afdfaa68231f
- SHA1: 73c81d78040e61f77f87e2bcb3451cb187128d17
- SHA256: de8e969262354abb8f4bcc774639973c44d0b84611f6622dd5f0464c760e2ebc
- SHA512: dce6b144f554acb73ac2d35de860849dd0807379818e186b9f72f38369760bc9b9234955d6d7b44be399e66031621eccd41a00db09dd3d3109f26e17e39ca04a
- SSDEEP: 24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8aA5Xq+lobrks/pim:GTvC/MTQYxsWR7aAp3ozp
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext