Resubmissions

03/05/2024, 02:56

240503-dfeczadc91 10

03/05/2024, 01:34

240503-bzag1sdh42 10

General

  • Target

    9b33f5fcb98474727512a218d6ebe3d0fa1dd9254ff85410059c4ddcc4fe53ed

  • Size

    1.2MB

  • Sample

    240503-bzag1sdh42

  • MD5

    42610f930f7905375aea64943d79f87d

  • SHA1

    8a1247d7e390f015db9d5aa7d6f9df2252fdc944

  • SHA256

    9b33f5fcb98474727512a218d6ebe3d0fa1dd9254ff85410059c4ddcc4fe53ed

  • SHA512

    45e85367e43e6635d5a59d50673ca426878bd17ccd5ae9de791c407ffbd4ab5c7ecf2092fbe5ee0ad31e6adae9bfbd1037c332c6dd7a1c8802047c715755f6c5

  • SSDEEP

    24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8aTqChh8niG79Q:DTvC/MTQYxsWR7aTLSiA9

Malware Config

Targets

    • Target

      9b33f5fcb98474727512a218d6ebe3d0fa1dd9254ff85410059c4ddcc4fe53ed

    • Size

      1.2MB

    • MD5

      42610f930f7905375aea64943d79f87d

    • SHA1

      8a1247d7e390f015db9d5aa7d6f9df2252fdc944

    • SHA256

      9b33f5fcb98474727512a218d6ebe3d0fa1dd9254ff85410059c4ddcc4fe53ed

    • SHA512

      45e85367e43e6635d5a59d50673ca426878bd17ccd5ae9de791c407ffbd4ab5c7ecf2092fbe5ee0ad31e6adae9bfbd1037c332c6dd7a1c8802047c715755f6c5

    • SSDEEP

      24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8aTqChh8niG79Q:DTvC/MTQYxsWR7aTLSiA9

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks