General
- Target: 5f377de371a8e95acec9956303d6f032
- Size: 835KB
- Sample: 210915-hqehyadahj
- MD5: 5f377de371a8e95acec9956303d6f032
- SHA1: 4d36d918df8ff90c0327ef713cfa262591d93636
- SHA256: 46eeda891d1ab66cb14c007a901cf167b9e80ed78d9af21889eea4be3eb55e09
- SHA512: f7766dbb768cd671ac7a2e99b78625352b2ba53504ce9baaf6545afb0d33d769218b117400bb1658a48b1b6a108f56cf29b2287c761c9c98f7d6f714d6c4b506
Static task
- static1

Behavioral task
- behavioral1
- Sample: 5f377de371a8e95acec9956303d6f032.exe
- Resource: win7v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: mailjege@yandex.com
- Password: recovery111
Targets
- Target: 5f377de371a8e95acec9956303d6f032
- Size: 835KB
- MD5: 5f377de371a8e95acec9956303d6f032
- SHA1: 4d36d918df8ff90c0327ef713cfa262591d93636
- SHA256: 46eeda891d1ab66cb14c007a901cf167b9e80ed78d9af21889eea4be3eb55e09
- SHA512: f7766dbb768cd671ac7a2e99b78625352b2ba53504ce9baaf6545afb0d33d769218b117400bb1658a48b1b6a108f56cf29b2287c761c9c98f7d6f714d6c4b506
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Turns off Windows Defender SpyNet reporting
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Nirsoft
- Executes dropped EXE
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext