General
Target: eb41dc9b26ffcfb782fe15ddac09de3133c23322d5b82a5d256f319e9ebcf2c4
Size: 400KB
Sample: 220521-bmdc5sfbbp
MD5: 78e1847f71ac2227716c72659dbb245b
SHA1: 3053a0332fb10ccc55f94ff8269834eeca205666
SHA256: eb41dc9b26ffcfb782fe15ddac09de3133c23322d5b82a5d256f319e9ebcf2c4
SHA512: b3d78f83b70a3edbdf16bcdc8e72c84e4045f1f0ac5de123455f97a7efaa5d1d8d49b35186c6e4d9e343013ce3b23f45ea323aab12a3bb589752d8b6cc02ec3a
Note: these hashes describe the submitted file; the analysed executable account info.exe has its own size and hashes under Targets below.
Static task: static1
Behavioral task: behavioral1 (sample: account info.exe, resource: win7-20220414-en)
Behavioral task: behavioral2 (sample: account info.exe, resource: win10v2004-20220414-en)
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: GODISGOOD0147
Targets
Target: account info.exe
Size: 423KB
MD5: 79208d66f65c7573cff6f5b536f73512
SHA1: 83ebc1be6d9af27e820ae31f78b35f22a0e681ad
SHA256: 206963538310d62ce955a7b9faf81f5cf97052debc932d18c779ece742aa30f5
SHA512: c82e102575f7dbf1c98f1e5974af3480ce1e3d3702b9a0cfffd2bf925806c545d29d9fe9345cb411434caa22e58d0a4b8b10b25083ad7c78eeefe6b78e66e8a6
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET; the configuration extracted from this sample exfiltrates over SMTP (see Malware Config above).
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
  Outlook profile data is a common credential-theft target for information stealers.
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  Setting another thread's context is a common step in process injection (process hollowing).
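As an added example (not part of the sandbox report and not Agent Tesla's own code), the following Python triage script applies the registry-based signatures listed above to API-trace lines and summarises, per process, how many sandbox-evasion checks fired and whether Run-key persistence was written. The registry paths are assumed to be what each signature matches, the tab-separated trace format is an assumption, and the trace lines are constructed for the example rather than taken from the report. It also handles the benign case: a process that merely opens the Run key (as explorer.exe does) is not flagged for persistence.

```python
"""Triage registry API-trace lines for the sandbox-evasion and persistence
signatures seen in the report (added example, not report or malware code)."""
from collections import defaultdict

# Assumed registry paths behind each signature name used by the report.
# Matching is a case-insensitive prefix test; needs_write=True means the
# signature fires only on a key/value write, so a benign process merely
# opening the Run key (as explorer.exe does) is not flagged.
SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions", False),
    ("Looks for VMWare Tools registry key",
     r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools", False),
    ("Checks BIOS information in registry",
     r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", False),
    ("Maps connected drives based on registry",
     r"HKLM\SYSTEM\MountedDevices", False),
    ("Adds Run key to start application",
     r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", True),
    ("Adds Run key to start application",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", True),
]

WRITE_APIS = {"RegSetValueExW", "RegSetValueExA",
              "RegCreateKeyExW", "RegCreateKeyExA"}

EVASION = {name for name, _, needs_write in SIGNATURES if not needs_write}
PERSISTENCE = "Adds Run key to start application"


def parse_trace(text):
    """Parse 'pid<TAB>image<TAB>api<TAB>registry path' lines (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, image, api, path = line.split("\t", 3)
        events.append((int(pid), image, api, path))
    return events


def match_signatures(events):
    """Return {(pid, image): sorted signature names} for processes with hits."""
    hits = defaultdict(set)
    for pid, image, api, path in events:
        lowered = path.lower()
        for name, prefix, needs_write in SIGNATURES:
            if not lowered.startswith(prefix.lower()):
                continue
            if needs_write and api not in WRITE_APIS:
                continue
            hits[(pid, image)].add(name)
    return {proc: sorted(names) for proc, names in hits.items()}


def verdict(sig_names):
    """Summarise one process: number of evasion checks, and persistence."""
    names = set(sig_names)
    evasion = len(names & EVASION)
    return {
        "evasion_checks": evasion,
        "persistence": PERSISTENCE in names,
        # One VM check can be incidental; two or more is a deliberate probe.
        "likely_sandbox_aware": evasion >= 2,
    }


# Constructed trace lines (not from the report), in the assumed format.
TRACE = (
    "4188\taccount info.exe\tRegOpenKeyExW\t"
    "HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions\n"
    "4188\taccount info.exe\tRegOpenKeyExW\t"
    "HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools\n"
    "4188\taccount info.exe\tRegQueryValueExW\t"
    "HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer\n"
    "4188\taccount info.exe\tRegQueryValueExW\t"
    "HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName\n"
    "4188\taccount info.exe\tRegEnumValueW\tHKLM\\SYSTEM\\MountedDevices\n"
    "4188\taccount info.exe\tRegSetValueExW\t"
    "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\account info\n"
    "1520\texplorer.exe\tRegOpenKeyExW\t"
    "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
)


def triage(text=TRACE):
    """Map 'image (pid)' to its verdict for every process with a hit."""
    return {f"{image} ({pid})": verdict(names)
            for (pid, image), names in match_signatures(parse_trace(text)).items()}


if __name__ == "__main__":
    for proc, result in triage().items():
        print(proc, result)
```

Run against a real sandbox API trace, the only change needed is in parse_trace; the signature table and the write-only rule for the Run key carry over unchanged, and the two-check threshold in verdict is the knob to tune against your own false-positive rate.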