General
- Target: 1cf6e97d7e57293341aff0db57c90a1407113308873f0d7ada77bcb4628b2233
- Size: 826KB
- Sample: 220521-a59zdsedan
- MD5: 4fc576f43337e76cfe0faa98cd0308d7
- SHA1: 2fd0fcea0f82ee3c1644484cd12b7fc5ea48c953
- SHA256: 1cf6e97d7e57293341aff0db57c90a1407113308873f0d7ada77bcb4628b2233
- SHA512: 14ae1b95e5cbfdca4e50095832401b51823454a962e8b296c1a99c2c8bf93edda4efa35525a5fb2efec9b4be34a35e100f82493be0b78c37bb2a3dfe86eb59a9
Static task: static1

Behavioral task: behavioral1
- Sample: jo.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: jo.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.zuarakltd.com
- Port: 587
- Username: [email protected]
- Password: CLy@DAi2
Targets
- Target: jo.exe
- Size: 772KB
- MD5: 054e68e7d593de58d32a4f0095b01ca1
- SHA1: bade86f9e513231dd6c7b92dee7333c433b88fca
- SHA256: 42c57a0b5af141e445b1eae32f9dde469346969017018efcdd09f24f40f65c3c
- SHA512: d1330e3be34cfa148dffe05ab07c88e9c7bd12bac8002c2c3d3a3e02b04de62c9311b84fe32dbd1bbbdd5fc81fd8bb77e9590c512c10dcd96efca38dd65cbd8a
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext