General
Target: Arba Outstanding Statement.xlam.xlsx
Size: 640KB
Sample: 240509-g5hcpsec2v
MD5: 131844fd7418fbf55ca4926d1befee15
SHA1: 3a28e0ea39bf4ab20eaddf9d556b384140c49328
SHA256: f780667dfa96e07a53933e96e8dc5a985517c3cadb699bf45f656d0ed1dcb3a6
SHA512: 6e0d9ad4e5c463a9085c0d434e2b81307188f9f44d36f4d6b3d49f10e84a8b413abb613c7eec3df6cf5ae83de529414020b6a3559507590a7ffe449e1dec5a17
SSDEEP: 12288:SanWgfLpjAceE/4qs3otznIyVImP0JwhnMqqyDx2huE6+oLOpAo0lmZs:XUE/g29ImikJA16+p90lmZs

Static task: static1
Behavioral task: behavioral1
  Sample: Arba Outstanding Statement.xlam
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Arba Outstanding Statement.xlam
  Resource: win10v2004-20240426-en
Malware Config
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext