General
Target: 6e02765e6ad99f87555aa34f4c86e840c157ba748016bd1b721dccfeeaf06cca
Size: 468KB
Sample: 220521-ane3paddgj
MD5: 09a85fcadc3fc0877f211fa8e12c5c1c
SHA1: bb8d15aee0ad838479bfa526cc8b0219334c37aa
SHA256: 6e02765e6ad99f87555aa34f4c86e840c157ba748016bd1b721dccfeeaf06cca
SHA512: 46a2da2fa796dc972888625512ce353531004f10c98c8d46474fa02786ba13a2c877a555dc446bde71f7ce35a1667647d10b4784d66ac884e804f2080f59b393
Static task: static1
Behavioral task: behavioral1
Sample: 0LbmEpBJoUrZ3mY.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 0LbmEpBJoUrZ3mY.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dogaseed.com
Port: 587
Username: [email protected]
Password: Doga_2017*
Targets
Target: 0LbmEpBJoUrZ3mY.exe
Size: 584KB
MD5: 499ddbaac177da774914321b5ab830b1
SHA1: de1a46c7a29401af77358af58ac969d246f3b929
SHA256: a6ab7254afb3d90d19538adcbf41e70460c06e11bb51778d604f0b9531451254
SHA512: e79cf22c00446f5ff3733b9fe12c551806e758d66511fe3c0ab27589b2504b13f36f1b1fbc65a0ac425ec901a5dcc2ba2109be12306e8ce2112995b6a97998b0
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET. This sample exfiltrates over SMTP using the mail server and credentials in the extracted config above.
AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext: setting the thread context of another process is the step that redirects a suspended child's execution into injected code (process hollowing).
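The signature list above names what the sandbox saw but not how each line is decided. The following is an added example, not the sandbox's own rule engine, that matches the same signatures against a constructed API trace: the trace format ("pid api argument", one call per line), the registry paths behind each signature, and the process-hollowing call sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext on that child) that the SetThreadContext signature is generalized to are all assumptions chosen for illustration. The trace entries, including the pid numbers and the target image name, are constructed.

```python
"""Match the sandbox signatures listed above against a constructed API trace."""
import re
from collections import defaultdict

# Registry paths each read-style signature keys on (assumed, see lead-in).
REGISTRY_SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions"),
    ("Looks for VMWare Tools registry key",
     r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools"),
    ("Checks BIOS information in registry",
     r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
     r"(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|SystemProductName)"),
    ("Checks computer location settings",
     r"\\Control Panel\\International\\Geo\\Nation"),
    ("Accesses Microsoft Outlook profiles",
     r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook"
     r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles"),
    ("Maps connected drives based on registry",
     r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"),
]
# Persistence fires only on a write, not on merely reading the Run key.
RUN_KEY = r"\\Microsoft\\Windows\\CurrentVersion\\Run\\"

# Constructed trace (not a real sandbox log). pid 9999 calls SetThreadContext
# without having created and written the child, so it must not fire.
SAMPLE_TRACE = r"""
# pid api argument
1234 RegOpenKeyExW HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
1234 RegOpenKeyExW HKLM\SOFTWARE\VMware, Inc.\VMware Tools
1234 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
1234 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
1234 RegOpenKeyExW HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
1234 RegQueryValueExW HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
1234 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\0LbmEpBJoUrZ3mY
1234 CreateProcessW image=target.exe flags=CREATE_SUSPENDED child=5678
1234 WriteProcessMemory child=5678
1234 SetThreadContext child=5678
1234 NtResumeThread child=5678
9999 SetThreadContext child=5678
"""


def parse_trace(text):
    """Return (pid, api, argument) tuples; blank lines and '#' comments are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)  # argument may itself contain spaces
        if len(parts) < 2:
            continue
        events.append((int(parts[0]), parts[1], parts[2] if len(parts) == 3 else ""))
    return events


def match_signatures(events):
    """Return {signature name: [evidence, ...]} for every signature that fires."""
    hits = defaultdict(list)
    suspended = defaultdict(set)  # pid -> children it created with CREATE_SUSPENDED
    written = defaultdict(set)    # pid -> suspended children it wrote memory into
    for pid, api, arg in events:
        if api.startswith("Reg"):
            for name, pattern in REGISTRY_SIGNATURES:
                if re.search(pattern, arg, re.IGNORECASE):
                    hits[name].append(arg)
            if api.startswith("RegSetValue") and re.search(RUN_KEY, arg, re.IGNORECASE):
                hits["Adds Run key to start application"].append(arg)
            continue
        m = re.search(r"child=(\d+)", arg)
        child = int(m.group(1)) if m else None
        if api.startswith("CreateProcess") and "CREATE_SUSPENDED" in arg and child:
            suspended[pid].add(child)
        elif api == "WriteProcessMemory" and child in suspended[pid]:
            written[pid].add(child)
        elif api == "SetThreadContext" and child in written[pid]:
            # Only the full hollowing sequence counts, not any SetThreadContext call.
            hits["Suspicious use of SetThreadContext"].append(
                f"process {pid} -> suspended child {child}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Requiring the create-suspended and write steps before SetThreadContext is what keeps the last signature from firing on debuggers and legitimate thread manipulation; the registry matches are deliberately plain path patterns so that a new anti-VM key is one more tuple in the table.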