General
- Target: 7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0
- Size: 562KB
- Sample: 220520-2fdy7sfcb6
- MD5: a3fb21352d52d5a5b847587cb21bf743
- SHA1: cc6960ce60cdeecaa6b8f8dfa772da0c21f03402
- SHA256: 7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0
- SHA512: 95c380543046bea445e2f1f3a4107613b1c1844d4d84fbde94d77911b117487e2a9352710f04bb009849a3c9a02512bae42fbd0764fc96884e80df5afde80bd1
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 4PGVV5ztI9OHQsS.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: 4PGVV5ztI9OHQsS.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: roham.dnswebhost.com
- Port: 587
- Username: [email protected]
- Password: $KENECHI1991
Extracted
- Protocol: smtp
- Host: roham.dnswebhost.com
- Port: 587
- Username: [email protected]
- Password: $KENECHI1991
Targets
- Target: 4PGVV5ztI9OHQsS.exe
- Size: 593KB
- MD5: 4d744c49b2e414e7fb512b43f22a3aa1
- SHA1: c031060a01ce56c430973b6d9be777c765bce0b9
- SHA256: 4babdf3de87110bb4af05c7117cd6215dc8040345ff840282766a753cd08a5ec
- SHA512: 36d3991426b90b0fcd8ba08804250c0b7643220101d934af2ecd19ec1ac6300fb2ccd5faf21c6d4a42b89b6535254954803745620ae1eafcd7f70a562fac8e14
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext