General
- Target: QUOTATION_MAYQTRA031244 (1).z
- Size: 58KB
- Sample: 240514-seedxabg61
- MD5: 9bb5ff7fb5f9c7494da6ea7fa2c8021a
- SHA1: ed00d72a988da13607e13e39f8cc16784e50b02d
- SHA256: 94e1fa2f5b070f90258e2f9b2cdbaa6f71a68d1b39b912bd81c73b270142e7aa
- SHA512: a32a1fb271e0bd515b9af3f7342b202c2eecb95af4626304e9a68b8e8e62ebe74ed75024f423e68f56ad4656c67d7aac0ec8f0d21c194407e671fe3e80297247
- SSDEEP: 1536:vzhNx5tcD9dnssHQSdqCnqzMnR2vJ/QSj5uDRF+fVarBmol5Fb:VU9as/kCndRmGSGLBmoTFb
Static task: static1
Behavioral task: behavioral1
- Sample: QUOTATION_MAYQTRA031244PDF.scr
- Resource: win7-20231129-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: gator3220.hostgator.com
- Port: 587
- Username: [email protected]
- Password: PDMgpFaraDAY%@@
- Email To: [email protected]
Targets
- Target: QUOTATION_MAYQTRA031244PDF.scr
- Size: 470KB
- MD5: d7f47119b95818996e519dde8edb6966
- SHA1: dd2639542a81ffebee5ab324fc67a9ff5a983c41
- SHA256: e92379e6ddeb7505921a28d344b676df85848f13b7795362ef0732b456ab0ca7
- SHA512: e80cfb790baa9ea3eedf5f4b7ca9ebcac0aa4f7e8d18ace5eeedf66e45fa85b1ab5b47529a6d6174f6920a660519d6a391a22a33c817ae2a2a3da6fc9646bf6e
- SSDEEP: 3072:hVnfM+ySEWMJ1yNzU5+Sicyjxh4H444lM:h6AzWiTf4H444l
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext