General
  Target: cotización.exe
  Size: 553KB
  Sample: 200707-lrdsgc5ysx
  MD5: 24c35b47082e767b4ac22680441e832f
  SHA1: dc2d57055bbcd9378d81944d8f599d036df64d30
  SHA256: c01753dd68c42bc2c0378b93891b424d671cfc6a58a8726e40fa9675122ea028
  SHA512: 1e2fdd25ed01b96cfde47d9ada29b1b0d6b65b16d62298b4155e820effc99cb7489660dc5bb26b9cbf46874a7e22f0378a339acb485dcaccd0fd3386976b849b
Static task
  static1
Behavioral task
  behavioral1
    Sample: cotización.exe
    Resource: win7v200430
Behavioral task
  behavioral2
    Sample: cotización.exe
    Resource: win10
Malware Config
  Extracted family: agenttesla
    Protocol: smtp
    Host: smtp.yandex.com
    Port: 587
    Username: [email protected]
    Password: SENEGAL12345
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMware Tools registry key
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext