General
Target: SHIPPING ADV#202109.exe
Size: 810KB
Sample: 210915-jan8waaah8
MD5: a44b879e71e23900ed597f6844319b2b
SHA1: 85c9f8e4d824ffa3f7ab89e60d374930516385e3
SHA256: 7b3fc292a6205855f1a48175af411180f33473bdaa343349563e089b18d9ebc9
SHA512: a541cd4348de5e9a1737bc9dae4535bb5f3936abdd1235afe5c46cb81ea7d14e17c961fc8226a7e93a7acd2a4131b13a328b2578492d30a05c7f0b6ecad84f64
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING ADV#202109.exe
Resource: win7-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bsia.co.in
Port: 587
Username: yogesh@bsia.co.in
Password: 21mbsia@)@!Y
Targets
Target: SHIPPING ADV#202109.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
- Suspicious use of SetThreadContext