General
-
Target
f0aa8c80b1025888e9d3ede6ead19f1c7b41ba4b84ea4333694ef6be08d44870
-
Size
1.2MB
-
Sample
240510-cn3vvsgd23
-
MD5
48bd2d7482cd826e2d1f5b45a6fd358c
-
SHA1
7642953a58a6227c099c6a36efcf9e4168668a4c
-
SHA256
f0aa8c80b1025888e9d3ede6ead19f1c7b41ba4b84ea4333694ef6be08d44870
-
SHA512
7d98a5b160a107f4c57f9d536dfe0702e3697717e972d769c05600aef2c037019c8c27911ef72afcb4472fb248340f2216b0fbc0adef953a6fbfaeaaef6eb995
-
SSDEEP
384:tOVPIn+qcqIV1lBeDQEXpvGTTmPj3UQ0fnFfDhc:EKnsxBeDv5uTej33+6
Malware Config
Extracted
Protocol: smtp- Host:
mail.macfinmail.com - Port:
587 - Username:
[email protected] - Password:
^6&Z=C94llIn
Extracted
agenttesla
Protocol: smtp- Host:
mail.macfinmail.com - Port:
587 - Username:
[email protected] - Password:
^6&Z=C94llIn - Email To:
[email protected]
Targets
-
-
Target
Payment_Notification (64).exe
-
Size
32KB
-
MD5
97d0675576274850c59feb98704c731c
-
SHA1
796cb61f0c717f15a3049a5a6ab87f30437c969e
-
SHA256
9ec667767efe2a769ac02c6e885ef552ff53db50c0d706febc47b41dc143bd08
-
SHA512
e5cc4ce51423840284623a0a466393cb3fe6c719653717bae01606655ff520cbf4cef75912446c53327bd1bd7fc4d863cb682a87daf04aa29296fbfc18bd957c
-
SSDEEP
384:EOVPIn+qcqIV1lBeDQEXpvGTTmPj3UQ0fnFfDhc:VKnsxBeDv5uTej33+6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-