General
-
Target
Price List MAYQTRA031244PDF.scr.exe
-
Size
236KB
-
Sample
240501-rt7hkaha91
-
MD5
313288ef87f8dfd992039233d952ede2
-
SHA1
6e83e5923f2b8d94f2ca832394a27a6c731fa1ac
-
SHA256
1eecb41cab35c2ad1402959834f8c39ca39c70a7b749906344d4423b3c78bfd7
-
SHA512
3ee8c186b02c55c49940e4609c93052ca96fde1a40cb59495bb2e01a1abcba8f227050447595a63db88c494458c5457a4e13d6fae238ac80263198721a62559b
-
SSDEEP
6144:HYVE08tYLBZGEQrdm4Vz0Rpppppppppppppppppppppppppppppq:+LQrdm4Vz0Rpppppppppppppppppppp4
Static task
static1
Behavioral task
behavioral1
Sample
Price List MAYQTRA031244PDF.scr.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Price List MAYQTRA031244PDF.scr.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: investms.vadavo.cloud
Port: 587
Username: [email protected]
Password: emp@GnVg+%sS},OW
Email To: [email protected]
Targets
-
-
Target
Price List MAYQTRA031244PDF.scr.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-