General
- Target: c5918508f1e4174bf84c1553187cf08bac22d7358b91ab2bf39b8dda27a98154
- Size: 650KB
- Sample: 220415-kqgpeaeben
- MD5: 0846e2ec8c618ce82d0b5afe3d1d4bdc
- SHA1: f62b82177f25af6d0dabd0bd8c2820270651ca79
- SHA256: c5918508f1e4174bf84c1553187cf08bac22d7358b91ab2bf39b8dda27a98154
- SHA512: 1b53b80a2a6fbf582e8ba6ee22a6b4b5900dae3143adf4ccc47ffb41ff75af0fb46eaef58ad6836c0844f39b923d92e0d549db8fc5f83f198a7c29034606a163
Static task: static1
Behavioral task: behavioral1
- Sample: c5918508f1e4174bf84c1553187cf08bac22d7358b91ab2bf39b8dda27a98154.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: c5918508f1e4174bf84c1553187cf08bac22d7358b91ab2bf39b8dda27a98154.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.theislandshipping.com
- Port: 587
- Username: [email protected]
- Password: ship666
Targets
- Target: c5918508f1e4174bf84c1553187cf08bac22d7358b91ab2bf39b8dda27a98154
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Meta Stealer: Meta Stealer steals passwords stored in browsers; it is written in C++.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for a geofence check.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext