General
-
Target
#RFQ SUPPLY Unilever House UK.gz
-
Size
389KB
-
Sample
211025-q29gfshban
-
MD5
56a5e9f36274d3ad15f606eb88d2b5bf
-
SHA1
5b9f27f621289d1fabb9c0062413fe3ce824310a
-
SHA256
54278d26b39d099e19fff3909834dd30398a1805eeec077f709a245b9a79a62d
-
SHA512
90091a4266e12b8cb04e779dee5128347df0833f85a43b2e97dd991c282dcc2115675a2c1472268a9f6ad3848c4358987346c7160ae939aedf80a845861a8b61
Static task
static1
Behavioral task
behavioral1
Sample
#RFQ SUPPLY Unilever House UK.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
#RFQ SUPPLY Unilever House UK.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.regalbelloit.com
Port: 587
Username: [email protected]
Password: sSAfydK0
Targets
-
-
Target
#RFQ SUPPLY Unilever House UK.exe
-
Size
748KB
-
MD5
9c2edb97aaf6013cb0f74296203e8282
-
SHA1
167af6389486d80064b7321663876932b1934c42
-
SHA256
a8c0c2fcf4f6dbcaafc53a6c9cd3c50a58b6429d240577530e368ce4e27df294
-
SHA512
af0a2879b1c89ce02677946363f14bad0d5566cf095b0da0b7803391dd4dc5265bec9edd440f809debd99bc74d9c9c524b770c1c10c9c3da740d3557339ae907
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); the configuration extracted from this sample exfiltrates over SMTP to the host, port and credentials listed above.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
SetThreadContext is commonly called to redirect execution inside a suspended or hollowed process, so it is a typical marker of process injection.
-
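The behaviours listed above (VirtualBox and VMware registry checks, BIOS and drive enumeration, Outlook profile access) and the SMTP endpoint from the extracted config are the indicators a defender would turn into detection logic. The following is an added example, not part of the Triage report, that runs such logic over a few constructed telemetry lines. The registry paths mapped to each behaviour are an assumption about what those checks read (the report names only the behaviour); the telemetry format (tab-separated key=value records with Type=RegQuery or Type=NetConnect) is invented for the example.

```python
from collections import defaultdict

# Registry locations assumed to correspond to the behaviours Triage reported for
# this sample. Substrings are matched case-insensitively against the queried key.
BEHAVIOUR_KEYS = {
    r"SOFTWARE\Oracle\VirtualBox Guest Additions": "virtualbox_guest_additions",
    r"SOFTWARE\VMware, Inc.\VMware Tools": "vmware_tools",
    r"HARDWARE\DESCRIPTION\System\SystemBiosVersion": "bios_info",
    r"HARDWARE\DESCRIPTION\System\VideoBiosVersion": "bios_info",
    r"SYSTEM\MountedDevices": "drive_enumeration",
    r"Windows Messaging Subsystem\Profiles": "outlook_profiles",
}

# SMTP exfiltration endpoint taken from the extracted AgentTesla config.
EXFIL_HOST = "smtp.regalbelloit.com"
EXFIL_PORT = 587

# Constructed telemetry (not from the report): one record per line, fields
# separated by tabs. Two benign records are included to show the threshold.
SAMPLE_EVENTS = """\
Type=RegQuery\tImage=C:\\Users\\victim\\#RFQ SUPPLY Unilever House UK.exe\tTargetObject=HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions
Type=RegQuery\tImage=C:\\Users\\victim\\#RFQ SUPPLY Unilever House UK.exe\tTargetObject=HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools
Type=RegQuery\tImage=C:\\Users\\victim\\#RFQ SUPPLY Unilever House UK.exe\tTargetObject=HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
Type=RegQuery\tImage=C:\\Users\\victim\\#RFQ SUPPLY Unilever House UK.exe\tTargetObject=HKLM\\SYSTEM\\MountedDevices
Type=RegQuery\tImage=C:\\Users\\victim\\#RFQ SUPPLY Unilever House UK.exe\tTargetObject=HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook
Type=NetConnect\tImage=C:\\Users\\victim\\#RFQ SUPPLY Unilever House UK.exe\tDestinationHostname=smtp.regalbelloit.com\tDestinationPort=587
Type=RegQuery\tImage=C:\\Windows\\System32\\svchost.exe\tTargetObject=HKLM\\SYSTEM\\MountedDevices
Type=NetConnect\tImage=C:\\Program Files\\Outlook\\OUTLOOK.EXE\tDestinationHostname=smtp.office365.com\tDestinationPort=587
""".splitlines()


def parse_event(line):
    """Parse one tab-separated key=value telemetry line into a dict."""
    fields = {}
    for part in line.split("\t"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return fields


def classify_registry(target):
    """Map a queried registry path to one of the reported behaviours, or None."""
    lowered = target.lower()
    for needle, label in BEHAVIOUR_KEYS.items():
        if needle.lower() in lowered:
            return label
    return None


def analyze(lines):
    """Group matching events per process image.

    Returns {image: {"behaviours": set of labels, "exfil": [(host, port), ...]}};
    images with no matching event are not included.
    """
    report = defaultdict(lambda: {"behaviours": set(), "exfil": []})
    for line in lines:
        ev = parse_event(line)
        image = ev.get("Image", "?")
        if ev.get("Type") == "RegQuery":
            label = classify_registry(ev.get("TargetObject", ""))
            if label:
                report[image]["behaviours"].add(label)
        elif ev.get("Type") == "NetConnect":
            host = ev.get("DestinationHostname", "").lower()
            port = int(ev.get("DestinationPort", "0"))
            if host == EXFIL_HOST and port == EXFIL_PORT:
                report[image]["exfil"].append((host, port))
    return dict(report)


def suspicious(entry, min_behaviours=2):
    """A single sandbox-style registry read is normal for system components;
    flag a process only on two or more distinct behaviours, or on any
    connection to the extracted exfiltration endpoint."""
    return len(entry["behaviours"]) >= min_behaviours or bool(entry["exfil"])


if __name__ == "__main__":
    for image, entry in analyze(SAMPLE_EVENTS).items():
        print(image, sorted(entry["behaviours"]), entry["exfil"], suspicious(entry))
```

The threshold in `suspicious` is the practical caveat: reading MountedDevices or the BIOS strings on its own is routine for installers and system services, so only the combination of several evasion reads in one process, or the exact SMTP endpoint from the config, should raise an alert. The host and port are the durable indicator here; the username is obfuscated on this page and the password may be rotated, so neither is a reliable detection key.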