General
- Target: Scan096355.exe
- Size: 680KB
- Sample: 211202-hnnc3afdh8
- MD5: 2e65f749507d0fb3a8e980565a5055a1
- SHA1: dcd01dd0b4c76b26ba5f1590016a28ed7286a7f4
- SHA256: 7550bec79c053dc848454a9b4e4ddeef38d5e1873b9df5940813af85aacfd021
- SHA512: e8b3cb57c995561defe236feb32e9811a19123bb4e25e9a7b36c8c42b6b2c2e5cc6608633c895e3a6863adc9e59fa0f70ad4f6ce3f44e129cabc92122eacf276
Static task
- static1

Behavioral task
- behavioral1: sample Scan096355.exe, resource win7-en-20211104

Behavioral task
- behavioral2: sample Scan096355.exe, resource win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: wOeQnaO7

The extracted configuration is the exfiltration channel: the sample authenticates to this mailbox over the SMTP submission port (587) and mails out the harvested data. The host and the account are the network indicators to block and hunt for; the credentials in the config are what the sample itself uses, so any sandbox or analyst can reproduce the login, and the account should be treated as burned.
Targets
- Target: Scan096355.exe (680KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET-based information stealer and keylogger, originally written in Visual Basic .NET, that is commonly classified as a remote access tool (RAT).

Signatures
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles: mail profiles hold stored account settings and are a common credential-harvesting target.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext: rewriting the context of another process's thread is typically seen when a process is started suspended and its entry point redirected to injected code (process hollowing); on its own the API call is not proof of injection, so correlate it with a suspended child process and a WriteProcessMemory into it.
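The registry-based signatures above are all driven by which keys the sample touches, not by what it finds there. The following script, added here as an example and not part of the sandbox report or of Agent Tesla itself, maps a Procmon-style registry trace onto those signature names for one process. The trace is constructed for the example, and the key paths in SIGNATURES are the well-known locations such checks target (Oracle VirtualBox Guest Additions, VMware Tools, HARDWARE\DESCRIPTION\System, Services\Disk\Enum, Outlook profiles), assumed rather than recovered from this sample. A NAME NOT FOUND result is still counted, because the probe itself is the behaviour; a SUCCESS on a virtualisation key is reported separately, since that is the artifact the sandbox leaked.

```python
"""Map registry accesses in a sandbox trace onto anti-analysis signatures.

Added example; not code from the sandbox report or from Agent Tesla.
TRACE is constructed for illustration, and the key paths below are the
usual targets of these checks, not keys recovered from this sample.
"""
import csv
import io
import re
from collections import defaultdict

# (signature name as the report lists it, regex over the registry path)
SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I)),
    ("Looks for VMWare Tools registry key",
     re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|SystemProductName)",
                re.I)),
    ("Maps connected drives based on registry",
     re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"
                r"|\\SYSTEM\\MountedDevices", re.I)),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Outlook\\Profiles|\\Windows Messaging Subsystem\\Profiles", re.I)),
]

# Constructed Procmon-style trace (assumption: not output from the real run).
TRACE = r'''Process,PID,Operation,Path,Result
explorer.exe,1488,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS
Scan096355.exe,2812,RegOpenKey,HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions,NAME NOT FOUND
Scan096355.exe,2812,RegOpenKey,"HKLM\SOFTWARE\VMware, Inc.\VMware Tools",NAME NOT FOUND
Scan096355.exe,2812,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion,SUCCESS
Scan096355.exe,2812,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion,SUCCESS
Scan096355.exe,2812,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0,SUCCESS
Scan096355.exe,2812,RegOpenKey,HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook,NAME NOT FOUND
svchost.exe,900,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\Count,SUCCESS
'''

VM_SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry",
    "Looks for VMWare Tools registry key",
}


def parse_trace(text):
    """Parse the CSV trace; the csv module handles the quoted 'VMware, Inc.' path."""
    return list(csv.DictReader(io.StringIO(text)))


def match_signatures(trace_text, process):
    """Return {signature: [(operation, path, result), ...]} for one process.

    The result column is deliberately ignored here: a probe for a key that
    does not exist is exactly the behaviour the signature describes.
    """
    hits = defaultdict(list)
    for row in parse_trace(trace_text):
        if row["Process"].lower() != process.lower():
            continue
        if not row["Operation"].startswith("Reg"):
            continue  # only registry operations feed these signatures
        for name, pattern in SIGNATURES:
            if pattern.search(row["Path"]):
                hits[name].append((row["Operation"], row["Path"], row["Result"]))
    return dict(hits)


def sandbox_exposure(hits):
    """Virtualisation keys the sample actually found (result SUCCESS).

    A non-empty list means the sandbox leaked a VM artifact and the sample
    may have changed behaviour; empty means its anti-VM probes came back clean.
    """
    return sorted(path
                  for name, rows in hits.items() if name in VM_SIGNATURES
                  for _op, path, result in rows if result == "SUCCESS")


def triage_summary(trace_text, process="Scan096355.exe"):
    """Condense the trace into the fields an analyst would paste into a report."""
    hits = match_signatures(trace_text, process)
    return {
        "process": process,
        "signatures": sorted(hits),
        "probe_count": sum(len(v) for v in hits.values()),
        "vm_artifacts_present": sandbox_exposure(hits),
    }


if __name__ == "__main__":
    for key, value in triage_summary(TRACE).items():
        print(f"{key}: {value}")
```

Run against the constructed trace, the sample process triggers all five registry-based signatures with six probes and no VM artifact present, while svchost.exe only trips the drive-mapping rule, which shows why that signature needs the process filter before it is meaningful: system services legitimately enumerate Disk\Enum.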