General
Target: REF00019102021-Order Xls.ace
Size: 623KB
Sample: 211019-mjvnssgehm
MD5: ff462f425aea9e595e99070405ff8877
SHA1: 1c468c6c24be1ed44bc2f10aa29121f987b6a2a9
SHA256: 7bfd2cfa3a2eeebe9590da5d446dda0bbb12928096e0891f0c5e8b3c5a6a6ffb
SHA512: b52b6e1f24a2dfa4e426fe417e474dcb3042b3583ca051486123c74cb071d262fe1c69351fb383fb8ad104e5278dcc946f6729f8e48a120093b28ef795419d47
Static task: static1
Behavioral task: behavioral1
  Sample: REF00019102021-Order Xls.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: REF00019102021-Order Xls.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mmdqatar.com
  Port: 587
  Username: [email protected]
  Password: 172.93.148.185
Targets
Target: REF00019102021-Order Xls.exe
Size: 1.0MB
MD5: 428be499d18400fb8a92b1d5bdf4bcc1
SHA1: 3e05b6c8b3c5f6d752ef26ee4472bf75c86aef99
SHA256: c4144b07c23720baefa5ff9c9ca78438199544ecd20bc2df227fc361c9e5c935
SHA512: a32681aeda4884508d2e71a636dbf9df200ba77f40341bd83d654fc0f6982054a55e1ea59491b319bd3c02b1712f4def7f52a57d01d6a155c7995b43fe26a0f9
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext