General
- Target: login
- Size: 8KB
- Sample: 240429-b8ywzaeg66
- MD5: 478fa9fdfcbcb817f5e04ce98f887c71
- SHA1: eb111dc8f7e7da63f994e23a7cce7a996ce904aa
- SHA256: cb69bae26bec2b3bfa6031be3e297ef575ec35fc00ef33faeea750ad54da24a0
- SHA512: 406a56559d93acdd44dc48676036436e8dfb23ba931b01e8362c83b847e63973e3b5b8a14b8c60efad2d79a95c70953cdd9acb760f4676f6bd5832c2baefec99
- SSDEEP: 192:K/ddiceZARMq0yThr+CPuH9IGDSSJzsIi1SS4jA/Epy6:K/dd1RMq0Ohr+WuH9FzsAt
Static task: static1
Malware Config
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger