General
Target: 3f2d5c11c7420ba78208f51616832f2faa50765096c3efad84026a77c0ad243b
Size: 473KB
Sample: 220521-ayyyjsbad5
MD5: 6b27cf34f8bb391e3f566f5a307ef0da
SHA1: a80520c84cbf77c05622fb2e6a38141fa11b0538
SHA256: 3f2d5c11c7420ba78208f51616832f2faa50765096c3efad84026a77c0ad243b
SHA512: f14c65519c1a29ebb5b8bcfdb96e8345c08b18084ab6fd3f5edbb876a57319268d36704ce1e1869e4b32ef2ab1a3cfe201054afde0e08aa65f12f16fda7fbcfd
Static task: static1
Behavioral task: behavioral1 (Sample: Quote#20200722-DOC-7483920238.pdf.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Quote#20200722-DOC-7483920238.pdf.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Sages101*
Targets
Target: Quote#20200722-DOC-7483920238.pdf.exe
Size: 733KB
MD5: 3afbbc638efdf9bfb6b623a8be5ec385
SHA1: c6ee5c6197cf089443fd671cd478f19aa5f0445e
SHA256: 0c61ccf7de2d11caa06893b4addbfe04972e18696f23e46cc424a29fbae5ae2f
SHA512: de9fe75a1b7705b9bbba3541c3cfef43c48fc339d0572dfa6dc59bd6c39d1b9885a8194a2ad5473ee1907fbc52e05ff79e576b12367ebdec9b794da7b25b479b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext