General
-
Target
328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa.exe
-
Size
1.1MB
-
Sample
240510-bk4sbadd46
-
MD5
63d74b4d5b18373ba3230ed473922c70
-
SHA1
96dd293df1e4d4f7972d3c2d647195b81a1699d8
-
SHA256
328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa
-
SHA512
c43d222acef5f5581ad1923431aa66a39161da2e69a02afc64aeb901e3c7465c392d11bad5d14662b66f79e90adc3ef843e78887591a4794486350aa0ba6f512
-
SSDEEP
24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8amzNiCDJjKJ7ypNh1:0TvC/MTQYxsWR7amgUJI2
Malware Config
Targets
-
-
Target
328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa.exe
-
Size
1.1MB
-
MD5
63d74b4d5b18373ba3230ed473922c70
-
SHA1
96dd293df1e4d4f7972d3c2d647195b81a1699d8
-
SHA256
328e70cca6f607ee5e124be316cbd024fa84f61b874c0568366516a8222675aa
-
SHA512
c43d222acef5f5581ad1923431aa66a39161da2e69a02afc64aeb901e3c7465c392d11bad5d14662b66f79e90adc3ef843e78887591a4794486350aa0ba6f512
-
SSDEEP
24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8amzNiCDJjKJ7ypNh1:0TvC/MTQYxsWR7amgUJI2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-