General
-
Target
92fb49d5d0e49f0a841a0a3ccf6f633d3cf9b8c659eeddc8ce2ab3c22057802f
-
Size
181KB
-
Sample
240503-blfrwabd2t
-
MD5
1b0442269cd16c5bc80751183975971b
-
SHA1
418da95eba6ae7842ec854f5d487116fbe9fcc42
-
SHA256
92fb49d5d0e49f0a841a0a3ccf6f633d3cf9b8c659eeddc8ce2ab3c22057802f
-
SHA512
2d7ef4d15ccbfc787d3eecf3d34bbf6fd3050965022de916573f96110644f02e9a7f8dba0eb89c19cc574816ce245b4095a6d02b5e929061396b5f032334560a
-
SSDEEP
768:xkxjRpESUJXtdhVm13jWtSHPWcFaYoYEBDGROgBDGh3hti/C:QoSCH3htV
Static task
static1
Behavioral task
behavioral1
Sample
92fb49d5d0e49f0a841a0a3ccf6f633d3cf9b8c659eeddc8ce2ab3c22057802f.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
92fb49d5d0e49f0a841a0a3ccf6f633d3cf9b8c659eeddc8ce2ab3c22057802f.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: hpJvOH%*JutO
Email To: [email protected]
Extracted
Protocol: smtp
Host: 66.29.151.236
Port: 587
Username: [email protected]
Password: hpJvOH%*JutO
Targets
-
-
Target
92fb49d5d0e49f0a841a0a3ccf6f633d3cf9b8c659eeddc8ce2ab3c22057802f
-
Size
181KB
-
MD5
1b0442269cd16c5bc80751183975971b
-
SHA1
418da95eba6ae7842ec854f5d487116fbe9fcc42
-
SHA256
92fb49d5d0e49f0a841a0a3ccf6f633d3cf9b8c659eeddc8ce2ab3c22057802f
-
SHA512
2d7ef4d15ccbfc787d3eecf3d34bbf6fd3050965022de916573f96110644f02e9a7f8dba0eb89c19cc574816ce245b4095a6d02b5e929061396b5f032334560a
-
SSDEEP
768:xkxjRpESUJXtdhVm13jWtSHPWcFaYoYEBDGROgBDGh3hti/C:QoSCH3htV
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-