General
- Target: 0ef44835affd01422b98be05f7d20c2a04ffd3a0c9dd7e7b8dc6d7e22ecee864
- Size: 576KB
- Sample: 220520-2nwh8afff9
- MD5: 970cd2382074540f8c1750425e6744d1
- SHA1: b9e65c7b1e60f5a1a0622432db4337f3cd0155fc
- SHA256: 0ef44835affd01422b98be05f7d20c2a04ffd3a0c9dd7e7b8dc6d7e22ecee864
- SHA512: 72fc241b3dcb1ddc33284d3cace0982e6f4cd366a421a2f561d5b59e336e9b05b0e0cbf7e6945de8b0833998d7f3e5f521a45833575cd8b5762371280823f62f
Static task: static1
Behavioral task: behavioral1
- Sample: BL Draft-#2020-39883.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: BL Draft-#2020-39883.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Sages101*
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Sages101*
Targets
- Target: BL Draft-#2020-39883.exe
- Size: 610KB
- MD5: 94bcc1cc168e1d90a15642e534596f4c
- SHA1: ac2c7309450982e68e9c7bfa31f30fc76981c8d1
- SHA256: 7ca8232e7c1412239e7ae183a33a8546097b37a1ca2fd03d068472f6ad7021c6
- SHA512: 8f8463d29da3a396e84d1751b53b18b9a51a42930eaeed3acf3d9e704a18d03c433d67ccd3064c2ba2745d0e4194b52f1af5da8ef943c592c580dc12c7c440d5
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext