General
Target: 109408dcfe0784adfeea32943d88f40a21a1439057026372bda3e1a0ba2c4618
Size: 754KB
Sample: 220520-2nrv2afff4
MD5: 79c3fed794f20f92040c608c31eb8a30
SHA1: 1a37d5b43e95dc5e60ab5f18e3b3b535b9c99dd6
SHA256: 109408dcfe0784adfeea32943d88f40a21a1439057026372bda3e1a0ba2c4618
SHA512: 521d53aa12b8bc0c001dfd7d4457f9edb05f297249e7f8383de7e87759b5c90230b2bba295d373998987517685e1cb22bb0dc4a1dcbe217d3142b3da5cfa2073
Static task: static1
Behavioral task: behavioral1
  Sample: TNT Shipping Documents_pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TNT Shipping Documents_pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.nabf.com.au
  Port: 587
  Username: [email protected]
  Password: r%cd3=De!F8)?Q.VuK
Targets
Target: TNT Shipping Documents_pdf.exe
Size: 862KB
MD5: 5a95e13acb71d2050f346aacdbd31a06
SHA1: 503dc0640ea73f76f4bfb776ecd03da6148e2077
SHA256: 38fcb333238cb4390662b70073f768dd5928d7995b77747add4f2acc8dff4db0
SHA512: ec98e63d65e87a4ffd4a9d5791e42300969d11523a1edacc24b6c328306ad4625da3e5bef2fd36488fe0515528f2f7acfe31092ff0f0ecd6a11b7b735b039b1e
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext