General
-
Target
2909e9a7f4e544cb4089a7f05e3af83c1d6faeb5d3c0d82c0938cd369cba8d8f
-
Size
390KB
-
Sample
220521-bw8weaffel
-
MD5
8448a2b6396013f5d31af44da4a324f8
-
SHA1
b15f2cd0590d755c5f8cc11b0142ca11908d4afa
-
SHA256
2909e9a7f4e544cb4089a7f05e3af83c1d6faeb5d3c0d82c0938cd369cba8d8f
-
SHA512
1db98a0806d9769de88a8662b794d79da5daadbe0d8b28e9dfd53a58acd567a45102f76022887560552165e0553345b8f2afa1c416adcf6e09e276c211032d72
Static task
static1
Behavioral task
behavioral1
Sample
Fwd WRONG BANK DETAIL'S.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Fwd WRONG BANK DETAIL'S.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.opporajasthan.in
Port: 587
Username: [email protected]
Password: Systems@1234
Targets
-
Target
Fwd WRONG BANK DETAIL'S.exe
-
Size
430KB
-
MD5
dd5e8f55df6577549de4bc6f120fbdc1
-
SHA1
13010fa3bd4c7e1f7852d579c10505a40afa4bab
-
SHA256
f791e41279744779b60a12e8e88ab15dd254c89acfb75ed5a3772053f8831f63
-
SHA512
1458eff2920a357a6545425931688b2b4e37b034134d37bd697cafa06629e1ed34f4d41516943306b0241c4e90a9549644ba5af50b6f257a7c393705b612f676
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext