Ord 2354 png.exe

General

Target: Ord 2354 png.exe
Size: 841KB
Sample: 210727-3zfgafa1js
Score: 10/10
MD5: 48af5cf24f8c7fc448ecbfd55d18f426
SHA1: e3cf38df72fda964da45323b60bc9bd88abbee15
SHA256: 4e9cbaacb1aaed119e375ac6799f97162442f24a14785e2371b44c5e76125abb
SHA512: 378572ffde0731fd3e27761be19741548b3d82d6208542c124f4db415380453d67cec00b297932e8f7a2a02c784c289a62fee1df859372da0eccabdd1ccb30f2

Malware Config

Extracted

Family: agenttesla
Credentials (SMTP exfiltration channel)
Protocol: smtp
Host: mail.palletsolutions.ca
Port: 587
Username: eloglogs@palletsolutions.ca
Password: h~Q+QV.(M2?!

The sample authenticates to this SMTP account to send out what it collects. Treat the host and the account as indicators to block and hunt for, not as credentials to log in with.
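The practical use of the extracted config is hunting for the exfiltration channel. The following is an added example, not part of the report: a Python hunt over Sysmon Event ID 3 (network connection) records that flags any connection to the configured host and, more generally, SMTP traffic from a process that is not a mail client. The host and port are the values from the config above; the event lines, the `MAIL_CLIENTS` allowlist and the `hunt` function are constructed for illustration.

```python
"""Hunt Sysmon Event ID 3 (network connection) records for the SMTP
exfiltration channel from the extracted AgentTesla config.
Added example: the events below are constructed for illustration,
not taken from the report's sandbox run."""
import json

# Indicators copied from the extracted config above.
CONFIG = {"protocol": "smtp", "host": "mail.palletsolutions.ca", "port": 587}

# Processes that legitimately speak SMTP on a workstation. This allowlist
# is an assumption for the example; tune it to the estate you monitor and
# keep it short, since a hollowed legitimate process keeps its image name.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


def hunt(jsonl, cfg=CONFIG, allow=MAIL_CLIENTS):
    """Return one hit per event that reaches the configured exfil host
    or speaks SMTP from a process outside the allowlist.
    Sysmon only fills DestinationHostname when a reverse lookup succeeds,
    so the port heuristic covers events that carry only an IP; in a real
    hunt, resolve cfg["host"] and add the address to the indicators."""
    hits = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        if ev.get("EventID") != 3:
            continue
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev["DestinationPort"])
        reasons = []
        if host == cfg["host"]:
            reasons.append("config_host")
        if port in SMTP_PORTS and image not in allow:
            reasons.append("smtp_from_non_mail_client")
        if reasons:
            dest = f"{host or ev.get('DestinationIp', '?')}:{port}"
            hits.append({"image": image, "dest": dest, "reasons": reasons})
    return hits


# Constructed Sysmon events (JSON lines), not from the report's run.
SAMPLE_EVENTS = r"""
{"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\Ord 2354 png.exe", "DestinationIp": "198.51.100.7", "DestinationHostname": "mail.palletsolutions.ca", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationIp": "198.51.100.20", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "198.51.100.30", "DestinationHostname": "www.example.com", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "203.0.113.10", "DestinationHostname": "", "DestinationPort": 587}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe"}
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

The first constructed event matches on both rules (configured host and a non-mail process on 587); the svchost.exe event has no hostname and is caught only by the port heuristic, which is why that second rule is worth keeping even though it needs an allowlist.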

Targets

Target: Ord 2354 png.exe
Filesize: 841KB
Score: 10/10
MD5: 48af5cf24f8c7fc448ecbfd55d18f426
SHA1: e3cf38df72fda964da45323b60bc9bd88abbee15
SHA256: 4e9cbaacb1aaed119e375ac6799f97162442f24a14785e2371b44c5e76125abb
SHA512: 378572ffde0731fd3e27761be19741548b3d82d6208542c124f4db415380453d67cec00b297932e8f7a2a02c784c289a62fee1df859372da0eccabdd1ccb30f2

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET information stealer and remote access tool (RAT) written in Visual Basic .NET. It harvests credentials and keystrokes and sends them out over channels such as SMTP, which is the channel in the extracted config above.

  • AgentTesla Payload

  • Looks for VirtualBox Guest Additions in registry

    TTPs

    Query Registry (T1012), Virtualization/Sandbox Evasion (T1497)

  • Looks for VMWare Tools registry key

    TTPs

    Query Registry (T1012), Virtualization/Sandbox Evasion (T1497)

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry (T1012), System Information Discovery (T1082)

  • Maps connected drives based on registry

    Description

    Disk information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry (T1012), Peripheral Device Discovery (T1120), System Information Discovery (T1082)

  • Suspicious use of SetThreadContext

    Description

    Rewriting the context of a thread in another process is the step in process hollowing that points a suspended process at injected code before it is resumed; outside debuggers it has few legitimate callers.

    TTPs

    Process Injection (T1055)
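The registry checks and the SetThreadContext signature above are the behaviours a triage script should pick out of an API trace. The following is an added example, not the report's own tooling or the sandbox's rules: a Python triager over a constructed API-call trace that maps each registry-based sandbox check to the signature names and ATT&CK IDs used above, and flags the hollowing sequence only when a CREATE_SUSPENDED child is written to, has its thread context rewritten and is then resumed. The trace format, the trace lines and the child process path are constructed; the registry paths are the well-known anti-VM keys and are assumed here, since the report names the checks but not the exact keys this sample reads.

```python
"""Triage an API-call trace for the registry-based sandbox checks and the
SetThreadContext process-hollowing sequence listed in the signatures.
Added example: the trace format and the lines below are constructed, not
the report's own trace; the registry paths are the well-known anti-VM keys
and are assumed, since the report names the checks but not the keys."""
import re

# (regex over the key path, signature name, ATT&CK technique IDs)
VM_REG_RULES = [
    (r"SOFTWARE\\Oracle\\VirtualBox Guest Additions",
     "Looks for VirtualBox Guest Additions in registry", ["T1012", "T1497"]),
    (r"SOFTWARE\\VMware, Inc\.\\VMware Tools",
     "Looks for VMWare Tools registry key", ["T1012", "T1497"]),
    (r"HARDWARE\\DESCRIPTION\\System",
     "Checks BIOS information in registry", ["T1012", "T1082"]),
    (r"SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum",
     "Maps connected drives based on registry", ["T1012", "T1120", "T1082"]),
]
REG_APIS = {"RegOpenKeyExW", "RegQueryValueExW"}
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess
HOLLOWING = "Suspicious use of SetThreadContext (process hollowing sequence)"


def parse_trace(text):
    """One call per line: pid|api|arg;arg;... (constructed format)."""
    events = []
    for line in text.strip().splitlines():
        pid, api, args = line.split("|", 2)
        events.append({"pid": int(pid), "api": api, "args": args.split(";")})
    return events


def triage(text):
    """Return (signature, attack_ids, pid) findings, one per signature and pid."""
    findings, seen = [], set()

    def report(name, ttps, pid):
        if (name, pid) not in seen:
            seen.add((name, pid))
            findings.append((name, ttps, pid))

    children = {}  # child pid -> hollowing state for CREATE_SUSPENDED children
    for e in parse_trace(text):
        api, args = e["api"], e["args"]
        if api in REG_APIS:
            for pattern, name, ttps in VM_REG_RULES:
                if re.search(pattern, args[0], re.IGNORECASE):
                    report(name, ttps, e["pid"])
                    break
        elif api == "CreateProcessW":
            # args: image;dwCreationFlags;child pid
            if int(args[1], 16) & CREATE_SUSPENDED:
                children[int(args[2])] = {"parent": e["pid"], "written": False, "ctx": False}
        elif api in ("WriteProcessMemory", "NtUnmapViewOfSection") and int(args[0]) in children:
            children[int(args[0])]["written"] = True
        elif api == "SetThreadContext" and int(args[0]) in children:
            children[int(args[0])]["ctx"] = True
        elif api == "ResumeThread" and int(args[0]) in children:
            c = children[int(args[0])]
            # Only the full sequence counts: a suspended child that is merely
            # resumed (job-object launchers do this) is not hollowing.
            if c["written"] and c["ctx"]:
                report(HOLLOWING, ["T1055.012"], c["parent"])
    return findings


# Constructed trace: a single process probing the anti-VM keys, then
# hollowing a suspended child. Paths and pids are illustrative.
SAMPLE_TRACE = r"""
1000|RegOpenKeyExW|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
1000|RegOpenKeyExW|HKLM\SOFTWARE\VMware, Inc.\VMware Tools
1000|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System;SystemBiosVersion
1000|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System;VideoBiosVersion
1000|RegOpenKeyExW|HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
1000|RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
1000|CreateProcessW|C:\Windows\System32\svchost.exe;0x4;2044
1000|NtUnmapViewOfSection|2044;0x400000
1000|WriteProcessMemory|2044;0x400000;0x25000
1000|SetThreadContext|2044;2048
1000|ResumeThread|2044;2048
"""

# Constructed benign trace: suspended child resumed without injection.
BENIGN_TRACE = r"""
3000|CreateProcessW|C:\Windows\System32\notepad.exe;0x4;3012
3000|AssignProcessToJobObject|0x1a4;3012
3000|ResumeThread|3012;3016
"""

if __name__ == "__main__":
    for name, ttps, pid in triage(SAMPLE_TRACE):
        print(f"pid {pid}: {name} [{', '.join(ttps)}]")
```

The two BIOS value reads collapse into one finding per process, and the Run-key lookup is ignored because it matches none of the anti-VM rules. The benign trace exercises the failure mode a naive SetThreadContext alert would get wrong: a suspended child that is resumed without being written to produces no finding.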

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation