General
-
Target
a94578e1a694ba09dc9ed5dc7df60fcc.bin
-
Size
768KB
-
Sample
240426-bzz3nsha3v
-
MD5
53551c63db131a5b5413b4b730bef5f3
-
SHA1
bab5b51d0503b9f4218125c129cd46fd9e5257bf
-
SHA256
642fdb884196e5db76b67b675c6ca207afeff5241a2aac13823e6e0608e4df9d
-
SHA512
b2fe22c1f8676268757fbd64e52f763b0ffe07fcc468c0cf3358033e9cf47c4f868e35fcd7947a8e1adb8754fae3bf2d18b3358463dd440b282169f12f23e988
-
SSDEEP
24576:FLc5n/Ir4YpoINs2eHz3IqHSDI5XXggBnc1uTxE:kqV/Ns/nH2I5VB+uTq
Static task
static1
Behavioral task
behavioral1
Sample
b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.unitechautomations.com
Port: 587
Username: design@unitechautomations.com
Password: Unitech@123
Email To: overseas1@vestalshipping.com.vn
Targets
-
-
Target
b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9.exe
-
Size
949KB
-
MD5
a94578e1a694ba09dc9ed5dc7df60fcc
-
SHA1
8ea85a39e4e456e79db46abfe00f9be73c8e254e
-
SHA256
b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9
-
SHA512
ab3277ca5e074100cc9323234ee257816261154bcd6da3b00c56a83b0f0923575649ec9c3272e5ac8da6bd4ae08f6757d7cd15147a15963d144b99be92a30565
-
SSDEEP
24576:8+17qWKvIj9RR5BGNn5BZj6ZNaJ312Zw471:t5AvIj9VB+j6naJl2iK1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-