General
-
Target
PO_DEA83657-ARF-(QR - 0621).exe
-
Size
943KB
-
Sample
210727-lg1cf51hf6
-
MD5
465925dd7f0d7f41b5fff771e3cb8358
-
SHA1
a7aa00da7f562e127c66e0c63b13ddde78fc3b08
-
SHA256
9a5ea80dc3f334116c002ab185a5f54f80c72bcd11fcf5051b0a2e3a7704a3df
-
SHA512
28c8db63e8706692d8350c1bb90b7f3a9ff37f3e66e5e3f96dfff34b7f0b6915525e156d08313e541086e6c1bac94e1c7d00060c83a0ac31354755290de493e5
Static task
static1
Behavioral task
behavioral1
Sample
PO_DEA83657-ARF-(QR - 0621).exe
Resource
win7v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.aetheredbs.com
Port: 587
Username: purchase1@aetheredbs.com
Password: AtVywhA4
Targets
-
Target
PO_DEA83657-ARF-(QR - 0621).exe
-
Size
943KB
-
MD5
465925dd7f0d7f41b5fff771e3cb8358
-
SHA1
a7aa00da7f562e127c66e0c63b13ddde78fc3b08
-
SHA256
9a5ea80dc3f334116c002ab185a5f54f80c72bcd11fcf5051b0a2e3a7704a3df
-
SHA512
28c8db63e8706692d8350c1bb90b7f3a9ff37f3e66e5e3f96dfff34b7f0b6915525e156d08313e541086e6c1bac94e1c7d00060c83a0ac31354755290de493e5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-