General
Target: 6f79c2009692534020c467bce27910e8b93d9b69ae327323bcbb41229763eb8e
Size: 663KB
Sample: 231208-cejevshh7s
MD5: 515aa14c927e6f5406d23b792832b7a3
SHA1: a10e1312fae9db24b4b1f327500d985e8964f8bc
SHA256: 6f79c2009692534020c467bce27910e8b93d9b69ae327323bcbb41229763eb8e
SHA512: 5c623d9c082a5434d63ab888cc9913211d33a765766dd7a2bf36e0e9a9d394598772b56b49e0f588ad1c73742017b6c67829909aae9b79c6f9eb3ec37c1fe9d5
SSDEEP: 12288:iL8CB6nRGQrFsdhBrryGnNJpbD1V7KAFM3l4KaZ7n:deMrZKXpbD1V710lZqn
Static task: static1
Behavioral task: behavioral1
  Sample: unit price.exe
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: unit price.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.gimpex-imerys.com
  Port: 587
  Username: [email protected]
  Password: h45ZVRb6(IMF
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.gimpex-imerys.com
  Port: 587
  Username: [email protected]
  Password: h45ZVRb6(IMF
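The extracted SMTP block is the durable indicator from this report: the mail host and port (and the mailbox username) are what the sample will contact when it exfiltrates. The following is an added example, not part of the sandbox report, that turns the flattened "Key: value - Key: value" config line into a dict and then hunts for connections to the exfiltration host in firewall log lines. The log lines and their key=value format are constructed for the example; the mailbox credential in the config belongs to the attacker's drop mailbox and is only parsed here, never used to log in.

```python
import re
from typing import Dict, List

# Exfiltration config from the report above, re-typed as the extractor's
# single flattened line. "[email protected]" is exactly what the report
# shows for the two mailbox fields; the real addresses are not on the page.
AGENTTESLA_SMTP_CONFIG = (
    "Protocol: smtp - Host: mail.gimpex-imerys.com - Port: 587 - "
    "Username: [email protected] - Password: h45ZVRb6(IMF - "
    "Email To: [email protected]"
)

# Constructed firewall log lines (not from the report), generic
# "timestamp key=value ..." syslog style. Line 1 is an exact host+port hit,
# line 3 is the same host on a different port and mixed case, lines 2 and 4
# are unrelated traffic.
SAMPLE_FW_LOG = """\
2023-12-08T09:58:11Z action=allow src=10.20.0.15 dst=mail.gimpex-imerys.com dport=587 proto=tcp
2023-12-08T09:58:14Z action=allow src=10.20.0.15 dst=smtp.office365.com dport=587 proto=tcp
2023-12-08T10:02:40Z action=allow src=10.20.0.31 dst=MAIL.GIMPEX-IMERYS.COM dport=25 proto=tcp
2023-12-08T10:05:02Z action=deny src=10.20.0.31 dst=update.example.org dport=443 proto=tcp
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_config(text: str) -> Dict[str, str]:
    """Turn the extractor's 'Key: value - Key: value' line into a dict.

    Fields are split on ' - ' and each field on its first ':' only, so a
    password containing ':' survives. A password containing ' - ' would be
    split wrongly; that is a limitation of the flattened report format.
    Keys are normalised: 'Email To' -> 'email_to'.
    """
    cfg: Dict[str, str] = {}
    for part in text.split(" - "):
        key, sep, value = part.partition(":")
        if sep:
            cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    return cfg


def find_exfil_connections(log_text: str, cfg: Dict[str, str]) -> List[Dict[str, object]]:
    """Return log entries whose destination is the C2 mailbox host.

    Matching is on the host only, case-insensitively: the operator can
    rotate the SMTP port, so a connection to the same mail server on another
    port is still reported, with port_matches_config showing whether it was
    the configured port (587 here).
    """
    host = cfg["host"].lower()
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        fields = dict(KV_RE.findall(line))
        if fields.get("dst", "").lower() != host:
            continue
        hits.append({
            "timestamp": line.split(" ", 1)[0],
            "src": fields["src"],
            "dport": fields["dport"],
            "port_matches_config": fields["dport"] == cfg["port"],
        })
    return hits


if __name__ == "__main__":
    config = parse_config(AGENTTESLA_SMTP_CONFIG)
    print({k: v for k, v in config.items() if k != "password"})
    for hit in find_exfil_connections(SAMPLE_FW_LOG, config):
        print(hit)
```

Any internal host that appears as `src` in a hit should be treated as compromised and imaged before remediation, since Agent Tesla sends a first beacon with harvested credentials and the log timestamp bounds when that happened.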
Targets
Target: unit price.exe
Size: 776KB
MD5: b9c88d71dcfa414a7b180fb9d8cdc893
SHA1: 5ea001d2bb016c92f19e8eb2811e69a9e5a2567e
SHA256: 2be3900ebc7aed3c08b27ac96e699d6a3a498a6bc2e826334470abf50b90502c
SHA512: dd3e66e1ee44341633a91a44aa4dc9d5f414af6b84e6574d96f7c615323193827250d42f58bb6024012523f488a559c7648bd0d21b2d8c1843c41695123d99e4
SSDEEP: 12288:8GXhkZ5PQEnlGQrF0ddBJryaOAenjVTgBS5LCj:82K/H/ZQWjVkBS
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, browser and mail-client credential theft); it exfiltrates over SMTP, FTP or HTTP, and the config extracted above is the SMTP variant.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process, after creating that process suspended and writing to its memory, is the process-hollowing pattern used by loaders to run the payload inside a legitimate-looking host process. Legitimate debuggers call it too, so correlate with CreateProcess(CREATE_SUSPENDED) and WriteProcessMemory before acting on this signature alone.
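The SetThreadContext signature is only meaningful in sequence. The following is an added example, not from the report and not Agent Tesla's own code, of detection logic that walks a per-process API trace and reports a target process only when the full chain CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread is observed from one caller against one target; a bare SetThreadContext (the debugger case) is not reported. The trace lines, their "ts pid=<caller> Api k=v ..." format and the pids are constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit from the Win32 CreateProcess API

# Constructed API trace (not from the report). pid 4120 creates 5588
# suspended, unmaps its image, writes a new one, sets the main thread's
# context and resumes it: process hollowing. pid 7000 behaves like a
# debugger: SetThreadContext on a process it never created suspended.
SAMPLE_API_TRACE = """\
1001 pid=4120 CreateProcessW target=5588 flags=0x4
1002 pid=4120 NtUnmapViewOfSection target=5588
1003 pid=4120 VirtualAllocEx target=5588 size=0x9c000 protect=0x40
1004 pid=4120 WriteProcessMemory target=5588 size=0x9c000
1005 pid=4120 SetThreadContext target=5588
1006 pid=4120 ResumeThread target=5588
2001 pid=7000 OpenProcess target=6100
2002 pid=7000 SetThreadContext target=6100
2003 pid=7000 ResumeThread target=6100
"""

LINE_RE = re.compile(r"^(\d+) pid=(\d+) (\w+)(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Steps that must follow a suspended CreateProcess, in this order, for the
# same (caller, target) pair. Index 0 is the CreateProcess itself.
HOLLOWING_CHAIN = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text: str) -> List[Dict[str, object]]:
    """Parse 'ts pid=<caller> Api k=v ...' lines into event dicts."""
    events: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, pid, api, rest = m.groups()
        events.append({"ts": int(ts), "pid": int(pid), "api": api,
                       "args": dict(KV_RE.findall(rest))})
    return events


def detect_hollowing(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Report (caller, target) pairs that complete the hollowing chain.

    progress[(caller, target)] is the index of the next expected step; it
    is only created by a CreateProcess* call with CREATE_SUSPENDED set, so a
    SetThreadContext without that prelude never advances anything.
    NtUnmapViewOfSection is optional (newer loaders skip it) and is recorded
    as supporting evidence rather than required.
    """
    progress: Dict[Tuple[int, int], int] = {}
    unmapped: Set[Tuple[int, int]] = set()
    findings: List[Dict[str, object]] = []
    for ev in events:
        args = ev["args"]
        if "target" not in args:
            continue
        key = (ev["pid"], int(args["target"]))
        api = ev["api"]
        if api.startswith("CreateProcess"):
            flags = int(args.get("flags", "0"), 16)
            if flags & CREATE_SUSPENDED:
                progress[key] = 1
            continue
        if api == "NtUnmapViewOfSection":
            unmapped.add(key)
            continue
        step = progress.get(key, 0)
        if step and api == HOLLOWING_CHAIN[step]:
            progress[key] = step + 1
            if progress[key] == len(HOLLOWING_CHAIN):
                findings.append({"caller": key[0], "target": key[1],
                                 "resumed_at": ev["ts"],
                                 "section_unmapped": key in unmapped})
                del progress[key]
    return findings


if __name__ == "__main__":
    for finding in detect_hollowing(parse_trace(SAMPLE_API_TRACE)):
        print(finding)
```

In a real trace the order is enforced per pair, so interleaved calls from other processes do not break a chain, and a WriteProcessMemory that precedes the suspended CreateProcess (or targets a different pid) does not count.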