General
Target: b625749cf5c283ad041e9c358dcaa23c5f2aedc641a147d0cf5e425a3e0e2ac4
Size: 416KB
Sample: 220520-3ykp5scehn
MD5: f04cb9995bec16ac945e7cfaa0d244c9
SHA1: 6cf64873ea673faefcfc9c4681bec57485e3b3e7
SHA256: b625749cf5c283ad041e9c358dcaa23c5f2aedc641a147d0cf5e425a3e0e2ac4
SHA512: 2b26b8fbb555dc93bd79ece65fc543efc010974cbfddd7a1c37b5d8bb3187a30d89fa898e11351ed772134579ef9dde36e70a7f55089b1e83f9b97d0acb29b95
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_overdue account letter.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DHL_overdue account letter.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
Target: DHL_overdue account letter.exe
Size: 471KB
MD5: d0a1896ee4fc2f42f980b1bfdbf7ce45
SHA1: eb06125d27dabf962f9fb8bb76c60a78df9441f0
SHA256: b5d738ea5a80bc92eb43fb1eddf4d628412684eda0bdcd2a325a206d1fac0b2b
SHA512: c7fdc8728bf20701ec8d487158fda27eeae6ff7f71be837f94934c3845462d1fa50e25e3c2683bb1d905fb8b4886c0d2d739b10c13c3743a7d51bd0799c330a7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext