General
-
Target
dc9f08e33f838dadaccb6146b51f0ef73d9d7c2bc9199dc5d81109f0fd43b1d9
-
Size
888KB
-
Sample
220520-2wlnzsbahm
-
MD5
26ffc9815e94b01ddf5fd0c2661d18d8
-
SHA1
85e713a4e99f0ee1b4fd8a9d7fce0afdb0527d17
-
SHA256
dc9f08e33f838dadaccb6146b51f0ef73d9d7c2bc9199dc5d81109f0fd43b1d9
-
SHA512
bcfa881adb5dc52a516be484dba723bb9eff1b68c2b96adee38fd3ec637e31631eb72c352bd1a2aa109ffa4295c7dbc0a662c57ed930ba7d6f913ed358f8be80
Malware Config
Targets
-
-
Target
dc9f08e33f838dadaccb6146b51f0ef73d9d7c2bc9199dc5d81109f0fd43b1d9
-
Size
888KB
-
MD5
26ffc9815e94b01ddf5fd0c2661d18d8
-
SHA1
85e713a4e99f0ee1b4fd8a9d7fce0afdb0527d17
-
SHA256
dc9f08e33f838dadaccb6146b51f0ef73d9d7c2bc9199dc5d81109f0fd43b1d9
-
SHA512
bcfa881adb5dc52a516be484dba723bb9eff1b68c2b96adee38fd3ec637e31631eb72c352bd1a2aa109ffa4295c7dbc0a662c57ed930ba7d6f913ed358f8be80
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Drops file in Drivers directory
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-