General
-
Target
4UFa32rSDVEyUvb.exe
-
Size
683KB
-
Sample
210504-qedf7kqj92
-
MD5
4a99d877018f30de83c9cfe46541a4d9
-
SHA1
c5870fd062129bc05ca85ce6c94c5ec90aa4b88c
-
SHA256
8707ecc0a4c23b20c51f608c251d83d130c9987217f4351d01f355cd005bce0d
-
SHA512
6af823be3ac5657cbc1bf1dc5305b55ec354377aacca5bcea1df979d59de11b130a1b481204269cd1a7232503094d24556833a499469a74bc4bf9b7004299ff8
Static task
static1
Behavioral task
behavioral1
Sample
4UFa32rSDVEyUvb.exe
Resource
win7v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.sierametals.com
Port: 587
Username: logs1@sierametals.com
Password: @^*KJwX7
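The extracted configuration is the most actionable part of the report: the sample mails stolen data through the account above, so the host/port pair and the account name are the network indicators to hunt for. The following is an added Python example, not code from the report or from the sample, that turns the configuration into two checks: matching egress flows to smtp.sierametals.com:587, and recovering the AUTH LOGIN credentials from an SMTP session transcript, where the username travels base64-encoded and so is missed by a plain grep for the address. Both the flow log and the SMTP transcript are constructed for the example; the IP addresses are documentation ranges. On port 587 a client will normally negotiate STARTTLS, so the credential recovery only applies to sessions a TLS-terminating proxy or a sandbox pcap exposes in clear.

```python
import base64
from dataclasses import dataclass

# Indicators taken from the report's extracted AgentTesla configuration.
EXFIL_HOST = "smtp.sierametals.com"
EXFIL_PORT = 587
EXFIL_ACCOUNT = "logs1@sierametals.com"

# Constructed egress-flow log (not from the report):
# ts src sport dst dport proto dns=<name the client resolved for dst>
EGRESS_LOG = """\
2021-05-04T13:47:10Z 10.0.3.21 49822 203.0.113.45 587 tcp dns=smtp.sierametals.com
2021-05-04T13:47:12Z 10.0.3.21 49823 198.51.100.7 443 tcp dns=update.example.net
2021-05-04T13:48:01Z 10.0.3.40 51002 203.0.113.45 587 tcp dns=smtp.sierametals.com
2021-05-04T13:49:30Z 10.0.3.22 51500 192.0.2.8 25 tcp dns=mx.corp.example
"""

# Constructed SMTP AUTH LOGIN exchange as a TLS-less proxy would log it.
# The two 334 prompts are base64 for "Username:" and "Password:"; the client
# answers each with a base64 line, which is where the config's account shows up.
SMTP_SESSION = """\
220 smtp.sierametals.com ESMTP
EHLO WIN-7-PC
250 AUTH LOGIN PLAIN
AUTH LOGIN
334 VXNlcm5hbWU6
bG9nczFAc2llcmFtZXRhbHMuY29t
334 UGFzc3dvcmQ6
QF4qS0p3WDc=
235 Authentication successful
"""

AUTH_PROMPTS = {"334 VXNlcm5hbWU6": "username", "334 UGFzc3dvcmQ6": "password"}


@dataclass(frozen=True)
class ExfilFlow:
    ts: str
    src: str
    dst: str


def find_exfil_flows(log_text):
    """Return flows to the configured SMTP host and port.

    Matching on the resolved hostname rather than the IP keeps the rule valid
    when the attacker's mail host moves to a new address."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # malformed or differently shaped line; skip it
        ts, src, _sport, dst, dport, _proto, dns = parts
        name = dns[4:] if dns.startswith("dns=") else dns
        if int(dport) == EXFIL_PORT and name == EXFIL_HOST:
            hits.append(ExfilFlow(ts, src, dst))
    return hits


def recover_auth_login(session_text):
    """Decode the base64 username and password a client sends in reply to the
    server's AUTH LOGIN prompts. Returns {} when no AUTH LOGIN exchange is seen."""
    lines = session_text.splitlines()
    creds = {}
    for i, line in enumerate(lines[:-1]):
        field = AUTH_PROMPTS.get(line.strip())
        if field:
            raw = base64.b64decode(lines[i + 1].strip())
            creds[field] = raw.decode("utf-8", "replace")
    return creds


def is_exfil_session(session_text):
    """True when the session authenticates as the account from the config."""
    return recover_auth_login(session_text).get("username") == EXFIL_ACCOUNT


if __name__ == "__main__":
    for flow in find_exfil_flows(EGRESS_LOG):
        print("exfil flow:", flow)
    print("credentials on the wire:", recover_auth_login(SMTP_SESSION))
    print("session uses config account:", is_exfil_session(SMTP_SESSION))
```

The second constructed flow (10.0.3.40) shows why the hostname match matters: a second infected host reaches the same mailbox, and both are caught by one rule. The recovered password equals the one in the extracted configuration, which is the point of the exercise: whatever is in the config is also what an observer of the unencrypted session would obtain.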
Targets
-
Target
4UFa32rSDVEyUvb.exe
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) written in Visual Basic .NET; this sample exfiltrates what it collects over SMTP using the account in the extracted configuration.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMware Tools registry key
Both keys exist only where a hypervisor's guest tools are installed, so their presence is taken as a sign of an analysis virtual machine.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the final step of process hollowing: the dropper starts a process suspended, replaces its image with the payload, points the thread's instruction pointer at the injected code and resumes it, so the stealer runs under a legitimate-looking process name.
-
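The four registry checks listed under the payload signatures, replayed as an added Python example that is neither the sample's code nor from the report. It runs the checks against a mock registry so a sandbox operator can see which artifacts would trip the evasion and what to clean. The report does not name the exact keys the sample reads; the key paths, value names and hypervisor marker strings below are the conventional VirtualBox/VMware artifacts such checks target and are assumptions. Both mock registries are constructed.

```python
# Registry locations conventionally read by VM-detection code.
# ASSUMPTION: the report does not show which keys this sample reads; these are
# the standard VirtualBox Guest Additions / VMware Tools artifacts and the BIOS
# and disk-enumeration keys that typical sandbox checks consult.
VBOX_GUEST_ADDITIONS_KEY = r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"
VMWARE_TOOLS_KEY = r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemManufacturer")

# Substrings that identify a hypervisor in BIOS strings and disk device IDs.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "virtual", "qemu", "xen")


def _flatten(data):
    """Registry data may be a string or a REG_MULTI_SZ list; yield strings."""
    if isinstance(data, (list, tuple)):
        for item in data:
            yield str(item)
    elif data is not None:
        yield str(data)


def vm_markers_in(values):
    """Return the strings that contain a known hypervisor marker."""
    return [s for s in values if any(m in s.lower() for m in VM_MARKERS)]


def run_sandbox_checks(registry):
    """Replay the four checks against `registry`, a dict modelling HKLM as
    key path -> {value name: data}. Returns {check: evidence} for each check
    that would trigger; an empty dict means the sample would keep running."""
    findings = {}
    if VBOX_GUEST_ADDITIONS_KEY in registry:
        findings["virtualbox_guest_additions"] = [VBOX_GUEST_ADDITIONS_KEY]
    if VMWARE_TOOLS_KEY in registry:
        findings["vmware_tools"] = [VMWARE_TOOLS_KEY]
    bios = registry.get(BIOS_KEY, {})
    bios_strings = [s for name in BIOS_VALUES for s in _flatten(bios.get(name))]
    hits = vm_markers_in(bios_strings)
    if hits:
        findings["bios_information"] = hits
    disks = registry.get(DISK_ENUM_KEY, {})
    disk_strings = [s for name, data in disks.items()
                    if name != "Count" for s in _flatten(data)]
    hits = vm_markers_in(disk_strings)
    if hits:
        findings["mapped_drives"] = hits
    return findings


# Constructed mock of a stock VirtualBox Windows 7 guest (not captured from
# the sample's run): guest additions installed, VBOX strings in BIOS and disk.
VBOX_GUEST = {
    VBOX_GUEST_ADDITIONS_KEY: {"Version": "6.1.18"},
    BIOS_KEY: {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"],
    },
    DISK_ENUM_KEY: {
        "Count": 1,
        "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&2a1b2c3d&0&0.0.0",
    },
}

# Constructed mock of a physical (or cleaned) host: no hypervisor artifacts.
PHYSICAL_HOST = {
    BIOS_KEY: {
        "SystemBiosVersion": ["DELL   - 1072009", "1.14.0"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    DISK_ENUM_KEY: {
        "Count": 1,
        "0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_970\4&1d2e3f4a&0&000000",
    },
}

if __name__ == "__main__":
    for label, reg in (("virtualbox guest", VBOX_GUEST), ("physical host", PHYSICAL_HOST)):
        print(label, "->", run_sandbox_checks(reg) or "no evasion trigger")
```

For a VirtualBox guest the VMware Tools check stays silent while the other three fire, which is why a hardened sandbox has to scrub all of the artifacts rather than just uninstalling the guest tools: the BIOS strings and the disk device IDs come from the virtual hardware, not from the installed software.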