General
- Target: 8ae2801911fe1a3f3a658e92aa56f2fa64b6838c6dd5e568d0c2606f0508e10b
- Size: 429KB
- Sample: 220521-c2hrvahhhk
- MD5: c00485b785ae12c5d6bd8402365664c7
- SHA1: ce4223bcd76e0705707489a32274d0ee9c82b3b8
- SHA256: 8ae2801911fe1a3f3a658e92aa56f2fa64b6838c6dd5e568d0c2606f0508e10b
- SHA512: 9c418551093520dd3e0d44847bf066ade6c32ac0e2bd594f1565e3b98356819eb204437df996a0ad47fa33129b1a4be1e923dd3aefd8b1bf2bacad758f30a367
Static task: static1
Behavioral task: behavioral1
- Sample: CompaniesListing2020_Office_USE_ONLY.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: CompaniesListing2020_Office_USE_ONLY.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.fsicibd.com
- Port: 587
- Username: [email protected]
- Password: SH23newaz
Targets
- Target: CompaniesListing2020_Office_USE_ONLY.exe
- Size: 512KB
- MD5: d6ae3cd904a77882aa5f0cfb0b997de6
- SHA1: 3dd3969961176986597fa5ef7977fbb5c2b82276
- SHA256: 3a062094e4e4f6e4d0b2e81c2c8821a82e599d668faf93614bd7063cad01d690
- SHA512: 2c9ec916fba63fd0e4957178eeb31b91903adbf885c1c93b88c5cda737ab1d0b4c71f62733e819e7dd5d43e138bcdc5354344aa4235731ec662e42a9aeba469e
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext