General
- Target: Copia de pago jpg.exe
- Size: 1.1MB
- Sample: 210727-mrxdtk29hj
- MD5: 38e13fcd219f49d7cca9c8be57ac6ef0
- SHA1: 637a26e5e069a3262511666304aa07fb3c8cba00
- SHA256: 0ed4dcb3b64eb9b43a02b433a6232b64196bf369c3b2c50ce5342c8e9f4fdcd3
- SHA512: e046dd4a80d171dff6e33e2eb48425a85f42361d597549b75968ee11a9a076367ef8228958ef259d3a90dc44f40159cfe73f9778c70d5d933d2e5b55b589074e
Static task: static1
Behavioral task: behavioral1
- Sample: Copia de pago jpg.exe
- Resource: win7v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.palletsolutions.ca
- Port: 587
- Username: eloglogs@palletsolutions.ca
- Password: h~Q+QV.(M2?!
Targets
- Target: Copia de pago jpg.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext