General
-
Target
87f2db0e741aa05efa63e4d98bce45c9.bin
-
Size
2.2MB
-
Sample
240502-by5xjafd64
-
MD5
5197928e67a59cc54b8699fd88505acf
-
SHA1
3da254a5989d81bf0cebfa135cbc8cd3ce536aef
-
SHA256
25b7eff58bf61e983e7d1cbea90bd383d77401a3f089a13ae934ac163e272838
-
SHA512
1d0ed25077699a0762e4975ef7f2afeabb7d7c8f2f0d59016299fd5478a73f0ee3b556f320455677352d5848a8e7b5ffddad6c2aa0b6d4813cd882041524e904
-
SSDEEP
49152:d7bX1yw9AARf9ZLdcy9Bk04ptaAYH+fwqtblkmQDnPd0G9pkD+k6GDXq8wByjf/:d/1t9AA7ZLdc28ptaQfwUlkm2lz9ad6M
Static task
static1
Behavioral task
behavioral1
Sample
3121673a3bf3bdb07a02c5e730f09c272a4ec1c8510cd80a601b6e5e79d8eadc.exe
Resource
win7-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gencoldfire.com - Port:
587 - Username:
[email protected] - Password:
U+&%W@y1mSEUOinP - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.gencoldfire.com - Port:
587 - Username:
[email protected] - Password:
U+&%W@y1mSEUOinP
Targets
-
-
Target
3121673a3bf3bdb07a02c5e730f09c272a4ec1c8510cd80a601b6e5e79d8eadc.exe
-
Size
2.2MB
-
MD5
87f2db0e741aa05efa63e4d98bce45c9
-
SHA1
2f7b705480debc6bf48a325e189212cac3771e7e
-
SHA256
3121673a3bf3bdb07a02c5e730f09c272a4ec1c8510cd80a601b6e5e79d8eadc
-
SHA512
27d609cd1960417ec8b531b252e855ee27b43e65201d5d5cc551f7762c40e56e223255df4162d1779103e664a90606a6a1abb5f8f56fc5c4c80b075eceedd0ef
-
SSDEEP
49152:WKB2FpJDke68YMb6qm+mM9HgGCXh7OzJoyyPhDOX5d7i6:TBW68tbYqHgGJTyPhS5d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-