General
Target: 2824d2c7625159e8f495f9c1932fc7a51001693713730c9994cf6ec9aa49328a
Size: 383KB
Sample: 220521-bbz3rsbff2
MD5: 48dc41932cc7562759f465c993f3349b
SHA1: 60e6b412f31dd0a04c9a27849d51cd1e8e14bed9
SHA256: 2824d2c7625159e8f495f9c1932fc7a51001693713730c9994cf6ec9aa49328a
SHA512: 59a9f6144ba2d2a31c69027aa2178e9049a7ed3024871000ee0201a0f21cf92da88d826c950c6e85e6c2272ea43434d6005a523b9cf4d155d43f5bb53b102bb5
Static task: static1
Behavioral task: behavioral1
Sample: KXunm5bl8xyHuMr.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.prismindia.in
Port: 587
Username: [email protected]
Password: Stencil1@
Targets
Target: KXunm5bl8xyHuMr.exe
Size: 791KB
MD5: 4288d7a9d8d33f7aa22ad1d73065cf6e
SHA1: 8727fabeaa9ae22eb84aec66c415197bfbc3ae8e
SHA256: cdfac7ca69379fdcad030db24eff90d5ee4ef276d450e79bea98793a6801854d
SHA512: 31a7402edd996b8f0cd02860fde1aee4ee57404cb76275e1ec05a88f23dadaf85ee85fa7a9b590768a09d1261a9d82a2935517d61af8e1dfc849719bdebb08f1
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access tool (RAT) and credential stealer; this sample's extracted config shows it exfiltrating over SMTP to the mail server listed above.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments (the SystemManufacturer and SystemProductName values name VirtualBox, VMware or QEMU on a virtual machine).
- Accesses Microsoft Outlook profiles
  Outlook profile keys hold stored mail-account settings and credentials, a standard AgentTesla theft target.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process is the step that redirects a suspended child's entry point in process hollowing, so it is a common injection indicator.
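The signatures above are the sandbox's view of the behaviour. The block below is an added example, not Triage's signature code or anything from the AgentTesla sample, that runs equivalent detection logic over a constructed API-call trace: it tags each process with the anti-VM registry probes, Outlook profile access, outbound SMTP (including the host and port from the extracted config) and remote SetThreadContext calls, credits an injecting process with what its hollowed child does, and turns the tags into a severity. The record field names, the drive-enumeration registry key and all weights are this example's assumptions; the VirtualBox, VMware, BIOS and Outlook registry paths are the documented locations.

```python
"""Flag AgentTesla-style behaviour in an API-call trace.

Added example for this page, not Triage's own signature code. Input is a list of
constructed sandbox-style API trace records (dicts); the field names ("pid",
"api", "key", "host", "port", "target_pid") are this example's convention. The
drive-enumeration key and the weights below are assumptions made for illustration.
Note that Sysmon does not log registry reads, so this needs an API-hooking or
ETW-based trace rather than Sysmon registry events.
"""
from collections import defaultdict

# Registry key fragments matched case-insensitively against opened/queried keys.
ANTI_VM_KEYS = {
    "vbox_guest_additions": r"software\oracle\virtualbox guest additions",
    "vmware_tools": r"software\vmware, inc.\vmware tools",
    "bios_info": r"hardware\description\system\bios",
    "mounted_drives": r"system\mounteddevices",   # assumption: one drive-mapping key
}
OUTLOOK_PROFILE_KEY = r"\outlook\profiles"       # Office 15/16 profile store
KNOWN_C2 = {("mail.prismindia.in", 587)}         # SMTP host/port from the extracted config
SMTP_PORTS = {25, 465, 587}


def triage_process_events(events):
    """Return {pid: sorted tags}. A process that calls SetThreadContext on another
    process also inherits that process's tags with a "child:" prefix, so the
    injector is credited with what its hollowed child does."""
    findings = defaultdict(set)
    injections = {}                              # target_pid -> injecting pid
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api in ("RegOpenKeyExW", "RegQueryValueExW"):
            key = ev.get("key", "").lower()
            for tag, needle in ANTI_VM_KEYS.items():
                if needle in key:
                    findings[pid].add(tag)
            if OUTLOOK_PROFILE_KEY in key:
                findings[pid].add("outlook_profiles")
        elif api == "connect":
            dst = (ev.get("host", "").lower(), ev.get("port"))
            if dst in KNOWN_C2:
                findings[pid].add("smtp_c2")
            elif dst[1] in SMTP_PORTS:
                findings[pid].add("smtp_outbound")
        elif api == "SetThreadContext":
            target = ev.get("target_pid")
            if target is not None and target != pid:
                findings[pid].add("remote_set_thread_context")
                injections[target] = pid
    for target, source in injections.items():
        findings[source] |= {"child:" + t for t in findings.get(target, ())}
    return {pid: sorted(tags) for pid, tags in findings.items()}


# Weights are this example's choice, not a published scoring scheme.
WEIGHTS = {
    "vbox_guest_additions": 1, "vmware_tools": 1, "bios_info": 1, "mounted_drives": 1,
    "outlook_profiles": 2, "smtp_outbound": 2, "smtp_c2": 4, "remote_set_thread_context": 3,
}
ANTI_VM_TAGS = set(ANTI_VM_KEYS)


def score(tags):
    """Severity for one process; "child:" tags weigh the same as the process's own."""
    base = [t.split(":", 1)[-1] for t in tags]
    total = sum(WEIGHTS.get(t, 0) for t in base)
    anti_vm = len(ANTI_VM_TAGS.intersection(base))
    if total >= 8 or ("smtp_c2" in base and anti_vm >= 2):
        return "high"
    if total >= 4:
        return "medium"
    return "low" if total else "none"


# Constructed trace: pid 1234 is the dropper, pid 1300 its hollowed child,
# pid 2000 an unrelated process that only enumerates drives.
SAMPLE_EVENTS = [
    {"pid": 1234, "api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"pid": 1234, "api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"pid": 1234, "api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
     "value": "SystemManufacturer"},
    {"pid": 1234, "api": "RegOpenKeyExW", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 1234, "api": "SetThreadContext", "target_pid": 1300},
    {"pid": 1300, "api": "connect", "host": "mail.prismindia.in", "port": 587},
    {"pid": 2000, "api": "RegOpenKeyExW", "key": r"HKLM\SYSTEM\MountedDevices"},
]

if __name__ == "__main__":
    for pid, tags in triage_process_events(SAMPLE_EVENTS).items():
        print(pid, score(tags), tags)
```

Matching the exact host and port from one extracted config is brittle, since the next build of the sample will carry different mailbox credentials; the generic "smtp_outbound" tag on ports 25/465/587 from a non-mail-client process is what survives a config change, and the anti-VM probes plus a remote SetThreadContext are what distinguish the dropper from a legitimate mail client.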