General
Target: 3fbf6a5448b7a98ab9611a62080f6b6043b136461b1877c123cd5841343f814b
Size: 896KB
Sample: 220520-2j89hsfea5
MD5: 83d1b519b180e7d81ca68c58ffb1cc70
SHA1: 81a36d6bec6e3ed796809d99fba265b9798bfa3e
SHA256: 3fbf6a5448b7a98ab9611a62080f6b6043b136461b1877c123cd5841343f814b
SHA512: eda5f8e24f6dfa74839ce6543ace1a7b6679adf48f93ab236bb755d479eb2948dee6e010ef4dc126fc028de787ca417349dbc6cb31e0465f85ba5b1afa15ec8c
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation TT202008002,pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Quotation TT202008002,pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.1and1.mx
  Port: 587
  Username: [email protected]
  Password: Mare1##007
Extracted
  Protocol: smtp
  Host: smtp.1and1.mx
  Port: 587
  Username: [email protected]
  Password: Mare1##007
Targets
Target: Quotation TT202008002,pdf.exe
Size: 836KB
MD5: 5a31407b199329baf9f3cc86c7bb443e
SHA1: 4be1093ddefcc1dec0d9c9f92f8d94c333456288
SHA256: 04bc203b9c68d45a74189f7a7bc180fe4fe0304583fae10dee4b036a66e54437
SHA512: 1576b4c5a962bed8fffd04b26c783982f0552dbd6cdb6e57d1d52655d9ea4055965c9ec93417ed797fca9a4c63f6b26bd19e1011780dd8c02ced1270716c81c4
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMware Tools registry key
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext