General
-
Target
July Order 1 jpg.exe
-
Size
1.1MB
-
Sample
210727-x376qjzezs
-
MD5
6fc8a7966aa650e9bde3b05dbf553466
-
SHA1
3b4aa0d3612ba04d0ccd700912b7ba4d685e31d5
-
SHA256
76895d99680852f9ccb3bc6e2bd937bdd76da6dc16b1e6704e804be92f40c2e5
-
SHA512
05b061c677dc335bf15374001c15df2c58359b035c29328ae11984fc139d4cffd184dcf3223548aae06fd663b07388a2506e835cc5701b3267fd6f91416d7192
Static task
static1
Behavioral task
behavioral1
Sample
July Order 1 jpg.exe
Resource
win7v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.palletsolutions.ca - Port:
587 - Username:
eloglogs@palletsolutions.ca - Password:
h~Q+QV.(M2?!
Targets
-
-
Target
July Order 1 jpg.exe
-
Size
1.1MB
-
MD5
6fc8a7966aa650e9bde3b05dbf553466
-
SHA1
3b4aa0d3612ba04d0ccd700912b7ba4d685e31d5
-
SHA256
76895d99680852f9ccb3bc6e2bd937bdd76da6dc16b1e6704e804be92f40c2e5
-
SHA512
05b061c677dc335bf15374001c15df2c58359b035c29328ae11984fc139d4cffd184dcf3223548aae06fd663b07388a2506e835cc5701b3267fd6f91416d7192
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-