General
-
Target
9928a88311ace5ab3c6a346ff801399a0d4fad07c5f917d7ba770e102a1bc288
-
Size
402KB
-
Sample
220520-2cpljafah8
-
MD5
f1ca228be81662e6bbb70560405839a1
-
SHA1
c079b888b737ddbf3df03e2e75c499dbb6b31bcb
-
SHA256
9928a88311ace5ab3c6a346ff801399a0d4fad07c5f917d7ba770e102a1bc288
-
SHA512
0e264dc9e05b2ad0a5effa1ea5f474299d9c3fcb5a402ca87ae2c45041cbe59f33a5c45347f4f27ee34af434aff0e423d0d26dab44beb40f4e684cb617627175
Static task
static1
Behavioral task
behavioral1
Sample
Remittance Advice_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Remittance Advice_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ionos.com - Port:
587 - Username:
[email protected] - Password:
temp20182019
Extracted
Protocol: smtp- Host:
smtp.ionos.com - Port:
587 - Username:
[email protected] - Password:
temp20182019
Targets
-
-
Target
Remittance Advice_pdf.exe
-
Size
489KB
-
MD5
40cf989076b344351b1d067c13606bdc
-
SHA1
9cabdefadc281a16534f33603f4984d50016df8f
-
SHA256
21adf33a9b47f5feb7e4617d7f329b3a642f53121875bf28aabde66282a50524
-
SHA512
b04f8d5cef67cc044943a8648053a01082047f7c33dfcb1e1023c9c37163796d78afb3b81a896f22ab7b7763ead4b6d6688ed8c579191cd724629b447593b902
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-