General

  • Target

    03fa70c2a8d4b80b524aed2ada1cb5c2861eda0a4b8a10a54aa7f192a95e7ac6

  • Size

    1.2MB

  • Sample

    240508-cvfznsgc53

  • MD5

    601ef7e4bea3e5760f307f5b1265a1d5

  • SHA1

    a8edfb91ce9fe6ae21a8fde268454fb7a2f23d83

  • SHA256

    03fa70c2a8d4b80b524aed2ada1cb5c2861eda0a4b8a10a54aa7f192a95e7ac6

  • SHA512

    38fb16b7b4a48e5245151ff6d1d26dfcc70eb1d63028bf03cbe7f77f6fc226c81cee4ff1c268959d3a528589c4ecf13b50c3295fba97a29bda7cb22321f7acda

  • SSDEEP

    24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8aTsGjS3yZro7v:6TvC/MTQYxsWR7aTJjiyZro

Targets

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects the execution of another thread; used against a child process created suspended it is the classic process-hollowing / thread-hijacking injection pattern.
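Added example, not part of the sandbox report and not the sandbox's own signature code: a small matcher that reproduces the two behavioural signatures above over a constructed, sandbox-style API-call trace. The event layout (`pid`, `api`, `args`), the list of IP-lookup hosts and the sample traces are assumptions made for this illustration.

```python
"""Toy behavioural-signature matcher for sandbox API traces (added example).

Assumed event format: {"pid": int, "api": str, "args": dict}. The trace,
field names and host list are constructed for the demo, not taken from the
report above.
"""

# Well-known external-IP lookup services (assumed allow-list for the demo).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}
NETWORK_APIS = {"InternetOpenUrlA", "InternetOpenUrlW", "HttpOpenRequestW",
                "WinHttpConnect", "getaddrinfo"}
CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


def _host_of(value: str) -> str:
    """Host part of a URL or bare hostname, lower-cased."""
    v = value.lower()
    if "://" in v:
        v = v.split("://", 1)[1]
    return v.split("/", 1)[0].split(":", 1)[0]


def sig_external_ip_lookup(events):
    """Network calls whose destination is a known external-IP lookup service."""
    hits = []
    for e in events:
        if e["api"] not in NETWORK_APIS:
            continue
        target = e["args"].get("url") or e["args"].get("host", "")
        if _host_of(target) in IP_LOOKUP_HOSTS:
            hits.append(target)
    return hits


def sig_suspicious_setthreadcontext(events):
    """SetThreadContext on the primary thread of a child that the same process
    created suspended and then wrote into: the process-hollowing shape.
    A SetThreadContext with no such child (e.g. a debugger) is not flagged."""
    suspended = {}   # (creator pid, child pid) -> suspended child's thread handle
    written = set()  # (creator pid, child pid) that received WriteProcessMemory
    findings = []
    for e in events:
        pid, api, a = e["pid"], e["api"], e["args"]
        if api in ("CreateProcessW", "CreateProcessA") and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended[(pid, a["child_pid"])] = a["thread"]
        elif api == "WriteProcessMemory" and (pid, a["target_pid"]) in suspended:
            written.add((pid, a["target_pid"]))
        elif api == "SetThreadContext":
            for (creator, child), thread in suspended.items():
                if creator == pid and thread == a["thread"] and (creator, child) in written:
                    findings.append({"creator": creator, "child": child})
    return findings


def match_signatures(events):
    """Return {signature name: evidence} for every signature that fired."""
    out = {}
    urls = sig_external_ip_lookup(events)
    if urls:
        out["Looks up external IP address via web service"] = urls
    hollow = sig_suspicious_setthreadcontext(events)
    if hollow:
        out["Suspicious use of SetThreadContext"] = hollow
    return out


# Constructed trace: hollowing of a suspended child, then an IP lookup.
SAMPLE_TRACE = [
    {"pid": 1234, "api": "CreateProcessW",
     "args": {"child_pid": 5678, "thread": 0x1A4, "flags": CREATE_SUSPENDED}},
    {"pid": 1234, "api": "WriteProcessMemory", "args": {"target_pid": 5678, "size": 0x2E000}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"thread": 0x1A4}},
    {"pid": 1234, "api": "ResumeThread", "args": {"thread": 0x1A4}},
    {"pid": 5678, "api": "InternetOpenUrlA", "args": {"url": "http://api.ipify.org/"}},
]

# Constructed benign trace: a non-suspended child and a SetThreadContext
# with no injected child behind it.
BENIGN_TRACE = [
    {"pid": 9999, "api": "CreateProcessW", "args": {"child_pid": 4242, "thread": 0x200, "flags": 0}},
    {"pid": 9999, "api": "SetThreadContext", "args": {"thread": 0x200}},
    {"pid": 9999, "api": "InternetOpenUrlA", "args": {"url": "https://www.example.com/"}},
]

if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
    print("benign trace:", match_signatures(BENIGN_TRACE))
```

Running the block prints both signature names with their evidence for the constructed sample trace and an empty result for the benign one; the point of correlating CreateProcess (suspended), WriteProcessMemory and SetThreadContext on the same child is that a bare SetThreadContext call is too noisy to alert on by itself.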
