General
- Target: 01cb4757b69bfc3719963b0957e1b613ca22a5360eb71c1a19afe7ef7d2c842e
- Size: 225KB
- Sample: 240505-bmsg3adb67
- MD5: 1a7ccd1d741a8dccb5dc9bf239c6e822
- SHA1: 587ad072542f8f83d542a38a957a454c0093533b
- SHA256: 01cb4757b69bfc3719963b0957e1b613ca22a5360eb71c1a19afe7ef7d2c842e
- SHA512: e15295c6dbd43dc911bb542c9e17cd910d35341243180476b7c0c6b198cb0944e71c21b70b5c0a418f4fbc51db3c47c0bd64011430b04c8984378a6c1564cb94
- SSDEEP: 3072:1tnKSSYeSypEII/RUmPWuGDXIpAKWV3JAzfOUQmd4NDVoe/u0x81kXQpB4UUL0fW:+S2Sz9Rosjx9wViYr7
Static task: static1
Behavioral task: behavioral1
- Sample: 01cb4757b69bfc3719963b0957e1b613ca22a5360eb71c1a19afe7ef7d2c842e.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 01cb4757b69bfc3719963b0957e1b613ca22a5360eb71c1a19afe7ef7d2c842e.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: 66.29.151.236
- Port: 587
- Username: [email protected]
- Password: 09Xt0hBU4PzO
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: 66.29.151.236
- Port: 587
- Username: [email protected]
- Password: 09Xt0hBU4PzO
Targets
- Target: 01cb4757b69bfc3719963b0957e1b613ca22a5360eb71c1a19afe7ef7d2c842e
- Size: 225KB
- MD5: 1a7ccd1d741a8dccb5dc9bf239c6e822
- SHA1: 587ad072542f8f83d542a38a957a454c0093533b
- SHA256: 01cb4757b69bfc3719963b0957e1b613ca22a5360eb71c1a19afe7ef7d2c842e
- SHA512: e15295c6dbd43dc911bb542c9e17cd910d35341243180476b7c0c6b198cb0944e71c21b70b5c0a418f4fbc51db3c47c0bd64011430b04c8984378a6c1564cb94
- SSDEEP: 3072:1tnKSSYeSypEII/RUmPWuGDXIpAKWV3JAzfOUQmd4NDVoe/u0x81kXQpB4UUL0fW:+S2Sz9Rosjx9wViYr7
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext