General
Target: 782083fbf59bde49ea9e6fe9b81bd4e2c0caf67d032b6c130d74f4826ba5ed02
Size: 409KB
Sample: 220521-c7pgksfbc8
MD5: 6e3b36d998c7b152d2660b1218d29546
SHA1: cbd4ad1639a8365e27ffc77464ed61d58cdf7599
SHA256: 782083fbf59bde49ea9e6fe9b81bd4e2c0caf67d032b6c130d74f4826ba5ed02
SHA512: 6e7d0f7439ca894d4544ac5d0a7d469547a70987d6c8ae9b478016f467892c7e2582adbe86e574af9f88d7ee40f2e6aed9cf4480a0d6b4cfbcc71b3af9e5170a
Static task: static1
Behavioral task: behavioral1
Sample: RFQ_502480987.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ_502480987.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: gatefee22
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: gatefee22
Targets
Target: RFQ_502480987.exe
Size: 456KB
MD5: 824a7153c1a14e7ddf069f46157a1d9d
SHA1: 77116aba7ff9d7ef6a897a904ba8ce03816766e0
SHA256: bacaaa40e0f3b6cba3fc498dfbd6f2d198a767453cd8513acdbafa9fefaeed2a
SHA512: 1704738f458c31490359a25c8dd5c25d5201b9c448d4e6ddade8b00871e8348c56095a5d97efbe79288987c11902741ed4e0e3fd3e52172f9e844023f594e1b9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext