General
-
Target
613ec38e8aa3a86fca3c825a8fb3cc1997a1e1401e5b9acba5daff668a01c2f9
-
Size
816KB
-
Sample
220521-aq2pgaafd8
-
MD5
e382c7e8037335dd4e623163755701ac
-
SHA1
fec1ee14f1e9096e47c596743b1856862d99e8c2
-
SHA256
613ec38e8aa3a86fca3c825a8fb3cc1997a1e1401e5b9acba5daff668a01c2f9
-
SHA512
f40b523d5eb7a11e01d5b94dd241cf7c7ce2b1ff41c48e72f7a1d14107974e7d1ad59cf424a06879e42db0489c338cde1a44191a43b13d7a3d174c6b6b85cea9
Static task
static1
Behavioral task
behavioral1
Sample
ch1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ch1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.elittacop.com - Port:
587 - Username:
[email protected] - Password:
@eaSYuc8
Targets
-
-
Target
ch1.exe
-
Size
763KB
-
MD5
cf29a15b9d5764c1033b13a3b0861e36
-
SHA1
423229cd1c7617856349e9931f35d962bde55ba0
-
SHA256
bdbf27545d51eb4fa15659002a993ed3cb377279a6671d72051aa70a9cda189e
-
SHA512
0991c07a3ddf3cdbf514d0ca9cbe6f605fe0b5715ddb288b0f54e23bd1ece1fe9f9b5bb51ccf709993e75fe38d20bf17f2f0ec21bd09ccc00df352ef08ce19d9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-