General
- Target: 90b192b28841661e15ccd24f0ffa708b52f6f64984b5027cbb1b516fe01aa06c
- Size: 408KB
- Sample: 220521-ae5xraabd4
- MD5: cac71b11b6beabdfae8cb8790b096177
- SHA1: d839ba80398afd15014439e68e3a925333f58770
- SHA256: 90b192b28841661e15ccd24f0ffa708b52f6f64984b5027cbb1b516fe01aa06c
- SHA512: 0eb657404003f966a2c459654a0931d20267147272ad997cee28d4c88bfee763138eed2ec4a56361e86674310ba17cdb60be94ed8849678435915cc56d9c0710
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Shipping Receipts.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL Shipping Receipts.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cosur.pe
- Port: 587
- Username: [email protected]
- Password: C0m3rc14l%
Targets
- Target: DHL Shipping Receipts.exe
- Size: 448KB
- MD5: 69d9ceed5576ad950bcec177e86b0033
- SHA1: c975b18994917b1dd93ee2e10ce2e15b586c02ba
- SHA256: ad526f12fe479654bd0e631a03dffceea2f9c0e0f01cb16e03caa4a6b4ed209c
- SHA512: 82fe28daf753888704000f41c3202977110751bf4a08060f9bf4d8e85987cc8556d08cdae65a0292fdfc4abb351df0aeed9e7aa8a7e7b288b5d892f8cd84509b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext