General

  • Target

    de8e969262354abb8f4bcc774639973c44d0b84611f6622dd5f0464c760e2ebc

  • Size

    1.2MB

  • Sample

    240501-qdd1mshf38

  • MD5

    615b4b1ddc71f4928bf4afdfaa68231f

  • SHA1

    73c81d78040e61f77f87e2bcb3451cb187128d17

  • SHA256

    de8e969262354abb8f4bcc774639973c44d0b84611f6622dd5f0464c760e2ebc

  • SHA512

    dce6b144f554acb73ac2d35de860849dd0807379818e186b9f72f38369760bc9b9234955d6d7b44be399e66031621eccd41a00db09dd3d3109f26e17e39ca04a

  • SSDEEP

    24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8aA5Xq+lobrks/pim:GTvC/MTQYxsWR7aAp3ozp

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks