General
Target: aebaa928a7a6afebed8a60d6d37f06c8bcb9af2b2eea0f94ba041fec9beec10c
Size: 384KB
Sample: 220520-2wt1csbbak
MD5: 028f4b3cc11e447d855e3b237a027dd5
SHA1: b3be1c3a7ff1e1288341afbd136003d80daa6da6
SHA256: aebaa928a7a6afebed8a60d6d37f06c8bcb9af2b2eea0f94ba041fec9beec10c
SHA512: 05e6899788fd6d77ba991b6be729f39c151c998c5ccafe1bf0fd8738f502efc426fb534aeab4cee56db50038a8db7dd2f62c935e5a16e2b743b92ac151136dc8
Static task: static1
Behavioral task: behavioral1
  Sample: enquiry.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: enquiry.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lotusgrandhotel.ae
Port: 587
Username: [email protected]
Password: Fbm@Lotusgrand
Targets
Target: enquiry.exe
Size: 436KB
MD5: 8c55b8fb78847c74c2dbbebe321314d0
SHA1: 60325625c9418917ba79a12060b3855eb739c7ca
SHA256: 90c6b56f55742297280258483cd14c0d92575ba6692f9662a0282bb60eae089a
SHA512: e356157109c89fa9d60e9f11a2d36f4f60811e9d54d4710de561187f6882b8d6c2a714ab0f3d139ed79154702f38ffc3352dbea8e99f13ef6f225c5a201d71a7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Accesses Microsoft Outlook profiles
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext