General
Target: united+scientific+equipent.zip
Size: 577KB
Sample: 231012-dnfk1acb5x
MD5: c942c21bcd6dbebdbe2ea20d19b1fbc7
SHA1: 79ec41591a47a34a8ab123b217533673d17ebc0d
SHA256: 1507118f528232defccaa4b670e7e72fbcf1a97e272114425517b49133cf8ee7
SHA512: 2e4ed826ca26d6fb1080ac5da78d1fc90a4b5039643d1475aa72f9083163f83d02f3dd836b546d9aa1740df5d62995861f0e671ea7b130daa40dcc15224ebafe
SSDEEP: 12288:z+beeYnIsTZTrlbCcllLRr7VyNYQChdcKHOysMaqsI142oxyX+UrDh15:zU0IuZTrtHFKNsdP51zcxybZ15
Static task: static1
Behavioral task: behavioral1
Sample: united scientific equipent.exe
Resource: win7-20230831-es
Behavioral task: behavioral2
Sample: united scientific equipent.exe
Resource: win10v2004-20230915-es
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cybernetics.co.za
Port: 587
Username: [email protected]
Password: P@ssw0rd
Targets
Target: united scientific equipent.exe
Size: 710KB
MD5: 71536be72d8cc9dc156f1ff70b7f69a5
SHA1: ff0bb0d7e4dfa01c187c80d2e42d85feb22d98b9
SHA256: 9909753bfb0ac8ab165bab3555233d03b01a9274a92e57c022f87ccbe51ca415
SHA512: 9a98d57116a638e4ec0df224c243a074de233bf1859ea6a5efbf0d4d36ef470a9421d535e2d35371c1191d72f09aa0352ba9d147dae62ef6e4fc5c0650df07c9
SSDEEP: 12288:v1XZi970Oz6hGy69oswvYeMW5+uCwpla6Mqbjvkgb3I9S0dbp5Ne:dXZ7DnY/WcuCd1qbjvkWI9S0Fp5Ne
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext