General
- Target: 829f334913a3a4c38365b18846ad8d7db274166a041578637c65e1c2f440938c
- Size: 430KB
- Sample: 220521-c4nqwaaahj
- MD5: 050894b5ac6657c9dcbb9645b9091d62
- SHA1: b3434f0fa4053386c7f3eb4e0aaf82243a2a3ba5
- SHA256: 829f334913a3a4c38365b18846ad8d7db274166a041578637c65e1c2f440938c
- SHA512: b7d96f7c0aaeaca711915371eef90a6caa7281299140cb41eebf0ffb2e54bd723fc0a24e0b29da76e8dc6303a62424398178eb845f4e43a4f310f31e6b81019a
Static task
static1
Behavioral task
behavioral1
Sample
New Order Inquiry.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Order Inquiry.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: @Veronica24#
Extracted
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: @Veronica24#
Targets
Target: New Order Inquiry.exe
- Size: 478KB
- MD5: c4c08e63699bf45f2a599f2e586c665e
- SHA1: b7660255ffd52c56bd4da03092a667eee3759dd5
- SHA256: 6a147caafb9ba563492e7974b271d469c95300eabb699dc797ba896587aafe1b
- SHA512: b53aaf98422aae0447eead74252cbffe0cde0abad1594aa9c3967c3751b4643a62c718795db563de765ce063c9267bb3668b8b28f88758153af54acd3807bf6c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext