General
Target: SecuriteInfo.com.MSIL.Packed.19.19491.9488
Size: 487KB
Sample: 211201-xvx86sacf7
MD5: 604c93c0c41e8eb994e7315b3885ec38
SHA1: 9af5baeab9f2461335ad3e2439bc3e5cb850932e
SHA256: af29096b6cbbd74cca47337f62cc2a5553eb3cf225de3dcc993a14e452c3e9bd
SHA512: 59307cc35eb0606d33bd0cde817e82c1e941d9d2e903888634a77357570b67b6b4b138dc19b502b9dcf8209b46bfae757a0a6200bd56280990c76f17936948b9
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.MSIL.Packed.19.19491.9488.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: SecuriteInfo.com.MSIL.Packed.19.19491.9488.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.huiijingco.com
Port: 587
Username: [email protected]
Password: zVYrdtq4
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry (Disk information is often read in order to detect sandboxing environments.)
- Suspicious use of SetThreadContext