Product List.exe

General
Target

Product List.exe

Size

564KB

Sample

210223-1v53ngg6lj

Score
10/10
MD5

df1a8e7ffa630db4a9fa38abaec4c0d2

SHA1

19077607d6f6951499783faec6f1722cb9b2c077

SHA256

8174806d6bbe5f5c713a2a860c36b22d3efe8c7effeb0284bb23de5a9fe68d26

SHA512

7e7c2e8d94afae614291a9add08ee21ec1d0045ed30f0912a1572aa0d4090a214de0ac669cdb0f87a7bba35e9ca82fd5aaabe88871c1f5567ba2c3fb26262973

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: at.engineering

Port: 587

Username: kristle@at.engineering

Password: ATE@2019
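Added example, not part of the sandbox report: the configuration above is a mail-submission account (port 587) that the stealer uses to deliver harvested data. If the session is not upgraded with STARTTLS, the same account is visible on the wire as base64 in the SMTP AUTH exchange, which is how these credentials are recovered from network captures when no config extractor is available. The Python below walks a constructed client/server transcript (not a real capture; the client hostname is invented, only the credentials come from the report), decodes both AUTH LOGIN and AUTH PLAIN, and checks the result against the extracted config.

```python
import base64
from typing import Dict, List, Optional

# Credentials as extracted from this sample by the sandbox (see Malware Config above).
REPORT_CONFIG = {
    "protocol": "smtp",
    "host": "at.engineering",
    "port": 587,
    "username": "kristle@at.engineering",
    "password": "ATE@2019",
}

# Constructed SMTP transcript, NOT a real capture: what a plaintext submission
# session using the extracted account would look like on the wire. "C:" lines are
# the client (infected host), "S:" lines are the server. The client hostname is invented.
SAMPLE_SESSION_LOGIN = """\
S: 220 at.engineering ESMTP ready
C: EHLO DESKTOP-VICTIM
S: 250-at.engineering
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: a3Jpc3RsZUBhdC5lbmdpbmVlcmluZw==
S: 334 UGFzc3dvcmQ6
C: QVRFQDIwMTk=
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<kristle@at.engineering>
S: 250 OK
"""

# Same account sent as a single AUTH PLAIN initial response (RFC 4616: \0user\0password).
SAMPLE_SESSION_PLAIN = (
    "S: 220 at.engineering ESMTP ready\n"
    "C: AUTH PLAIN " + base64.b64encode(b"\x00kristle@at.engineering\x00ATE@2019").decode() + "\n"
    "S: 235 2.7.0 Authentication successful\n"
)


def _client_payloads(lines: List[str], start: int) -> List[str]:
    """Text of every client line from `start` onward, "C:" prefix stripped."""
    return [l.partition(":")[2].strip() for l in lines[start:] if l.startswith("C:")]


def decode_smtp_auth(transcript: str) -> Optional[Dict[str, str]]:
    """Recover username/password from an AUTH LOGIN or AUTH PLAIN exchange.

    Returns None when the transcript carries no authentication, e.g. because the
    session was upgraded with STARTTLS first and only encrypted bytes were captured.
    """
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    for idx, line in enumerate(lines):
        side, _, text = line.partition(":")
        words = text.split()
        if side != "C" or len(words) < 2 or words[0].upper() != "AUTH":
            continue
        mechanism = words[1].upper()
        # The initial response may ride on the AUTH line itself (RFC 4954) or
        # arrive as the following client line(s) after the server's 334 prompts.
        responses = words[2:] + _client_payloads(lines, idx + 1)
        if mechanism == "PLAIN" and responses:
            _authzid, user, password = base64.b64decode(responses[0]).split(b"\x00", 2)
            return {"mechanism": "PLAIN", "username": user.decode(), "password": password.decode()}
        if mechanism == "LOGIN" and len(responses) >= 2:
            user, password = (base64.b64decode(r).decode() for r in responses[:2])
            return {"mechanism": "LOGIN", "username": user, "password": password}
    return None


def matches_report(creds: Optional[Dict[str, str]], config: Dict = REPORT_CONFIG) -> bool:
    """True when the credentials seen on the wire are the ones in the extracted config."""
    return (creds is not None
            and creds["username"] == config["username"]
            and creds["password"] == config["password"])


if __name__ == "__main__":
    for name, session in (("AUTH LOGIN", SAMPLE_SESSION_LOGIN), ("AUTH PLAIN", SAMPLE_SESSION_PLAIN)):
        creds = decode_smtp_auth(session)
        print(name, creds, "matches report config:", matches_report(creds))
```

Operationally the host/port pair is the indicator to alert on: outbound 587 from a workstation to at.engineering is exfiltration regardless of whether the AUTH exchange is readable, and the mailbox owner should be told the account is being abused.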

Targets
Target

Product List.exe

MD5

df1a8e7ffa630db4a9fa38abaec4c0d2

Filesize

564KB

Score
10/10
SHA1

19077607d6f6951499783faec6f1722cb9b2c077

SHA256

8174806d6bbe5f5c713a2a860c36b22d3efe8c7effeb0284bb23de5a9fe68d26

SHA512

7e7c2e8d94afae614291a9add08ee21ec1d0045ed30f0912a1572aa0d4090a214de0ac669cdb0f87a7bba35e9ca82fd5aaabe88871c1f5567ba2c3fb26262973

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (early builds were written in Visual Basic .NET). It harvests browser, mail-client and FTP credentials plus keystrokes and screenshots, and exfiltrates them over SMTP, FTP or HTTP, which is why a mail account appears in the extracted configuration above.

  • AgentTesla Payload

  • Looks for VirtualBox Guest Additions in registry

    TTPs

    Query Registry (T1012); Virtualization/Sandbox Evasion (T1497)
  • Looks for VMWare Tools registry key

    TTPs

    Query Registry (T1012); Virtualization/Sandbox Evasion (T1497)
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry (T1012); System Information Discovery (T1082)
  • Maps connected drives based on registry

    Description

    Disk information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry (T1012); Peripheral Device Discovery (T1120); System Information Discovery (T1082)
  • Suspicious use of SetThreadContext

    Description

    SetThreadContext is used to point a suspended thread at code the caller has written into a process, the mechanism behind process hollowing and related injection. In a loader this is a common way to start an extracted payload such as the AgentTesla payload flagged above.

    TTPs

    Process Injection (T1055)

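Added example, not from the report and not Triage's own signature logic: the four registry signatures above (VirtualBox Guest Additions, VMware Tools, BIOS information, connected drives) correspond to checks the sample makes before it runs its payload. The registry paths below are the ones these checks are assumed to read (the report names the checks, not the key paths): HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions, HKLM\SOFTWARE\VMware, Inc.\VMware Tools, the SystemBiosVersion/VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System, and the numbered device-path values under HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum. The evaluation is a pure function over a registry snapshot given as a dictionary, so it runs offline against the constructed VirtualBox and bare-metal snapshots included here; snapshot_live() reads the same keys through winreg when executed on a real Windows host. A sandbox that wants this sample to detonate has to make every item in the VirtualBox result disappear.

```python
import sys
from typing import Dict, List, Mapping

# Registry locations the four sandbox-evasion signatures above are assumed to
# read (assumption: the report names the checks, not the key paths).
VBOX_ADDITIONS_KEY = r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"
VMWARE_TOOLS_KEY = r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"
WATCHED_KEYS = (VBOX_ADDITIONS_KEY, VMWARE_TOOLS_KEY, BIOS_KEY, DISK_ENUM_KEY)

# Substrings that give a hypervisor away in BIOS strings and disk device IDs.
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "BOCHS", "VIRTUAL", "XEN")

# A snapshot is {key path: {value name: value data}}; REG_MULTI_SZ is joined with spaces.
Snapshot = Mapping[str, Mapping[str, str]]


def vm_indicators(reg: Snapshot) -> List[str]:
    """Return the names of the checks that would flag `reg` as a virtual machine."""
    hits: List[str] = []
    if VBOX_ADDITIONS_KEY in reg:           # key existence alone means Guest Additions are installed
        hits.append("virtualbox_guest_additions_key")
    if VMWARE_TOOLS_KEY in reg:
        hits.append("vmware_tools_key")
    bios = reg.get(BIOS_KEY, {})
    for name in ("SystemBiosVersion", "VideoBiosVersion"):
        if any(m in bios.get(name, "").upper() for m in VM_MARKERS):
            hits.append(f"bios_{name}")
    disks = reg.get(DISK_ENUM_KEY, {})
    for name, data in disks.items():        # "0", "1", ... hold device instance paths
        if name.isdigit() and any(m in data.upper() for m in VM_MARKERS):
            hits.append(f"disk_enum_{name}")
    return hits


def snapshot_live() -> Dict[str, Dict[str, str]]:
    """Read WATCHED_KEYS from the running Windows host; returns {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg
    out: Dict[str, Dict[str, str]] = {}
    for path in WATCHED_KEYS:
        subkey = path.split("\\", 1)[1]     # strip the "HKLM" prefix
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
                values: Dict[str, str] = {}
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:         # EnumValue raises when the values are exhausted
                        break
                    values[name] = " ".join(data) if isinstance(data, list) else str(data)
                    index += 1
                out[path] = values
        except OSError:
            continue                        # key absent: nothing for the check to see
    return out


# Constructed snapshots (not taken from any real machine) for offline use.
VBOX_GUEST: Snapshot = {
    VBOX_ADDITIONS_KEY: {"Version": "6.1.18"},
    BIOS_KEY: {"SystemBiosVersion": "VBOX - 1",
               "VideoBiosVersion": "Oracle VM VirtualBox VBE Adapter"},
    DISK_ENUM_KEY: {"Count": "1",
                    "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1c8de3d5&0&0.0.0"},
}
BARE_METAL: Snapshot = {
    BIOS_KEY: {"SystemBiosVersion": "LENOVO - 1390",
               "VideoBiosVersion": "Intel Video BIOS"},
    DISK_ENUM_KEY: {"Count": "1",
                    "0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_980\4&1a2b3c4d&0&000000"},
}

if __name__ == "__main__":
    for label, snap in (("constructed VirtualBox guest", VBOX_GUEST),
                        ("constructed bare metal", BARE_METAL),
                        ("this host", snapshot_live())):
        print(f"{label}: {vm_indicators(snap) or 'no VM indicators'}")
```

Note that these are registry reads: Sysmon records key and value creation, deletion, rename and set (events 12 to 14) but not queries, so the checks themselves leave no Sysmon trace. Catching them at detonation time needs API-level monitoring in the sandbox, which is where a report like this one gets its signatures.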
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation