General
Target: 73ac93c0f36ef76d8a24a8b329662a6e589d23b6908b0a77daaa96718e0328d7
Size: 1.2MB
Sample: 220521-c82hjaacgj
MD5: 8dbbd8c059ee28a601d33f827eeb4ea9
SHA1: a9850534a221f2b2281326577dbd66a97d60567e
SHA256: 73ac93c0f36ef76d8a24a8b329662a6e589d23b6908b0a77daaa96718e0328d7
SHA512: 6d13672d278235089e2745a34bddc8dc06e7b5e35c7303f7c69e49d3d56ae9fe055e4446cbb8010e432777a5a17e3bcb6328caacc5be489fab1fc87e4811df74
Static task: static1
Behavioral task: behavioral1
  Sample: KTVC1T1Q.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: KTVC1T1Q.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.starmakertravel.com
Port: 587
Username: [email protected]
Password: admin2000
Targets
Target: KTVC1T1Q.EXE
Size: 451KB
MD5: 25e2eb0fa9921cd581cfda6e4704df84
SHA1: 50a460840f06df61f392aa8ed418ffe2920f60d0
SHA256: 980aa437fe75f379ec614dbf85c3de7c1b9d9551c78e898be04b49ec1fde6b9c
SHA512: 6d863706bba3c27284301846d2ff4174619ba1d09785da55df50909482e4b3557f0ae788026c568b8f5f229196e1eff4d056a87e25a2119d9c9ab888ca280e53
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext