General
-
Target
NaZonWare.exe
-
Size
2.1MB
-
Sample
240609-ld8g2ahd67
-
MD5
9162db3de83e2f17b1960cf7c376e213
-
SHA1
0249763f1ded61a5267a80181cf8fd41875f75e0
-
SHA256
f19ae8751b7a32b1de3c927af4035dcf1d3977f859a1ae97ad54cdf835d3f99b
-
SHA512
93fc9758770a6479b625735c1ad27174a2db5c40e410e3a257aa48908d6c29d977c55c0ed0925f7d5c8a7555351c7f4a00d216e42229b5d4d1e7f8ffc418d489
-
SSDEEP
49152:/tSdD2ppmuYITYbNbNWo4kSH3OqtwIrkqXfd+/9AqYaR:/4hIT4bNJFY3Oqt3kqXf0FnYe
Static task
static1
Behavioral task
behavioral1
Sample
NaZonWare.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
NaZonWare.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
NaZonWare.exe
-
Size
2.1MB
-
MD5
9162db3de83e2f17b1960cf7c376e213
-
SHA1
0249763f1ded61a5267a80181cf8fd41875f75e0
-
SHA256
f19ae8751b7a32b1de3c927af4035dcf1d3977f859a1ae97ad54cdf835d3f99b
-
SHA512
93fc9758770a6479b625735c1ad27174a2db5c40e410e3a257aa48908d6c29d977c55c0ed0925f7d5c8a7555351c7f4a00d216e42229b5d4d1e7f8ffc418d489
-
SSDEEP
49152:/tSdD2ppmuYITYbNbNWo4kSH3OqtwIrkqXfd+/9AqYaR:/4hIT4bNJFY3Oqt3kqXf0FnYe
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-