General
-
Target
09052024_1334_08052024_207845200002.7z
-
Size
75KB
-
Sample
240509-qva1bafa52
-
MD5
757b003a9b134151f91a43f80f8f19f8
-
SHA1
a6a631c3857ead9bf3524ac1e748a591fbed810d
-
SHA256
2962f4789f3dbc0085dd522e15d2dad5f506cbf2b47701b9cbfb88d013522f31
-
SHA512
23942e000910a398b421a4f889f5262d656059274dea8e2a088fa2b00a645f507fe59cb1ed7798d69abb2201d272496c3854a42ad9051d212666c76cf555b13b
-
SSDEEP
1536:s9vsw6sfZpbFlvmxMsOrJixfoChyUcmRZby+lHt3Me8kf+ahNZV3hbzSbxfFscds:s9vffrbFlooyXcoh3p8kBvZVSxmP
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
66.29.151.236 - Port:
587 - Username:
[email protected] - Password:
fn26k5c7Q846 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
66.29.151.236 - Port:
587 - Username:
[email protected] - Password:
fn26k5c7Q846
Targets
-
-
Target
207845200002.exe
-
Size
334KB
-
MD5
db852560af27329c5bf56c3bdc791916
-
SHA1
76f2f314b943ec5fdcc7105f6c28e4e1f69b9d2a
-
SHA256
85549d6c0269a1e86f946c8f5ea900f8ac0a82da0169e0c635f5836ab5bd1589
-
SHA512
4e2d9fd0e8466fd8129fc34c714608404d69141dbb91bfa8ac0ab3a6cd72abcc2464b70fac9606a15470064ced9631aad1277e2e1f9fa4985d818b885365b22a
-
SSDEEP
3072:CBs0O1R9uynxg6hEITBwxme0Xo220wIpZyg55ZV:us7L3nxduIdwoe0Xo220hV5jV
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-