General
Target: 4ac3bf1211efa081b87d49d3b40d8851b0fc66a29f6ad3beb3cb1649d02b8478
Size: 560KB
Sample: 220520-2h7pasaebn
MD5: 698029bb07e262b93f2fe800aa188675
SHA1: e928fc58ee0cfd1ca0c250ac9039059b1cad2973
SHA256: 4ac3bf1211efa081b87d49d3b40d8851b0fc66a29f6ad3beb3cb1649d02b8478
SHA512: d28ac44e6c55d81904fcf6262ffcb1d67a667e4ca6837d59c7b9cf7688a06e0876a86e717e582047b51a1995ca889ba8efbfb820cbd4490a393e809b6b9c89a2
Static task: static1

Behavioral task: behavioral1
  Sample: VQiCue7HEz6VM3g.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: VQiCue7HEz6VM3g.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: kissme4eva
Targets
Target: VQiCue7HEz6VM3g.exe
Size: 593KB
MD5: a99ce8dca56f302d6df6c8abcfc707bc
SHA1: 57f84fc433737662a1edaf8675f3f28038347126
SHA256: 096e367392216bef16b7bb081ec13edbf71a774b5f8de11fe22a15fed254f8c9
SHA512: e5796de19bd9c58c3c49794b1240f16af777308a47333ce8ec41e44ce28f7517c660a70e98f63c21ad7d5c2fb6a10eafb71c1172bea493cbcfe780fa432a8867
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext