General
Target: a8dd4bf924b9fc2b3e55afd2aed462e6da483b7faa6394d233a55703b734ed5d.zip
Size: 873KB
Sample: 231201-x6pq6sfe81
MD5: c81704cdcb3c8f5941f3491c13bb9184
SHA1: 65862e96aafe1b2f2403f37e563f9533a4e32a60
SHA256: a8dd4bf924b9fc2b3e55afd2aed462e6da483b7faa6394d233a55703b734ed5d
SHA512: 8d10fd820ca35af5559efbe1de4defb22635ef615e397e39eea18048b9a5378d81c053f4a636323bb2fc57352b226de4765377e094edf65cc98161978d22ed06
SSDEEP: 24576:eIseiYVQMJVIwA6EuRr5jl2oQ8+Kk6NI6Gj6KUJOcr:eIs+qKQeHJ+sNIVjgJz
Static task: static1
Behavioral task: behavioral1
Sample: 003035044445.AWB.PRG.CHO.M20.20231124.003622.20231124.004549.10532.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: 003035044445.AWB.PRG.CHO.M20.20231124.003622.20231124.004549.10532.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.unitechautomations.com
Port: 587
Username: [email protected]
Password: Unitech@123
Email To: [email protected]
Targets
Target: 003035044445.AWB.PRG.CHO.M20.20231124.003622.20231124.004549.10532.exe
Size: 1.0MB
MD5: 50fcb0b381ff9bbef33e90561ca1d324
SHA1: eb9d093de06bacc8204058ba9ed7c77f2194560c
SHA256: eb0c9f7ff7106033740df49533023ab8c93304ec66c76496dde0aab528a7472a
SHA512: 811dc2da113f2272b4211c558a9d0882743571ff4a3becc2771718e5bc8e15978f1b0efa030e9dd4df2fe77143c96917b62fca552488c13e0b8ad36929f98265
SSDEEP: 24576:6yBN2mseCYCHXDm/jvyzRT5Fl2ue8+KkewDyTnUdVXR:6ybsNYCHTm+t1r+QmyTn+VB
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext