General
-
Target
f7a9360069b5a45d57794fa85030ca31b7648785ec13226d965d3bc60bea524b
-
Size
530KB
-
Sample
220520-15k85shggl
-
MD5
6c2b6e8d7b414b91e12a7e6d4d796ff9
-
SHA1
475a317f14d4f7d50d18e1929d71140afa878501
-
SHA256
f7a9360069b5a45d57794fa85030ca31b7648785ec13226d965d3bc60bea524b
-
SHA512
5415ec7be5567f0b1f9beb56f0d57d7fc84d3d398eb8fdc159d1ffb17feb67cebef7a9896883fedb929c9b3a53f10c232d7bc326d2ccdff1a9248914b97a358e
Static task
static1
Behavioral task
behavioral1
Sample
New supplier Inquiry and PO 208203150_ DOC.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New supplier Inquiry and PO 208203150_ DOC.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.marinedepot.pw
Port: 587
Username: [email protected]
Password: ZE(ChcR7
Targets
-
Target
New supplier Inquiry and PO 208203150_ DOC.exe
-
Size
563KB
-
MD5
c9d35a3fd5c065d1c6e9674b41d4049b
-
SHA1
7984a0d06020039e7176ee41d4d05d6b566dd3d3
-
SHA256
726e4468c86762527d6fd4ebd9ebd07516e00e58eacf31e572b9f6c463727249
-
SHA512
611f6b6c1629668eee90714d6543a7af45e96d17ee0a0d21719c542833e0ba550418781aa1e5b412b86614a91bb545c6baabe796b30cbcff815758b83b07578d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-