General
Target: f84f36180f2ebb246355b50954519a7e1a98e2e064ce8ede63ef266e9242f396
Size: 523KB
Sample: 220521-b88feadde9
MD5: 1829d2e13932e9f754b25a005d7ef6f5
SHA1: d57953e97f550383c69d08d0a34e15e96e8e6647
SHA256: f84f36180f2ebb246355b50954519a7e1a98e2e064ce8ede63ef266e9242f396
SHA512: 16b99d329ee2fbd7fd84646a7ee4e2cdb87bbbb3c11b717f9c2a75633fe22af5632d7582419deb993d08547b1c80eb7fc17198fdf98a73487bdc92f856d9c2c4
Static task: static1
Behavioral task: behavioral1
  Sample: bNjdGneVfRkYyV6.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: bNjdGneVfRkYyV6.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.elkat.com.my
  Port: 587
  Username: [email protected]
  Password: $9921%sales
Targets
Target: bNjdGneVfRkYyV6.exe
Size: 573KB
MD5: bdc03e1649f005b65146756fdf737f3e
SHA1: c194910f8220fb1d3f2d8e95803a54d5a8d9cb46
SHA256: d6f0c8635b3633a57516f738ace0b4feb392894885b604d426b950c0c95d705d
SHA512: 5744393efe0499756e8a70580fa5995c8805dc38ffd994421d3285b61f2cfbe83c6fb6520c96fd9b0ff96f020b4c501a8868d27f018b1068abec4a0c6820499d
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext