General
Target: 6f5c8354926f49d2d86ec199c74ba98b8125b08c4e1ce73d4b71bcb0c160fdb6
Size: 390KB
Sample: 220521-c96hwafcd4
MD5: fe4b72c2d49ad64bffad2100272fb9b1
SHA1: daab08834a53da8369302f4a830a988cc04edf86
SHA256: 6f5c8354926f49d2d86ec199c74ba98b8125b08c4e1ce73d4b71bcb0c160fdb6
SHA512: de893f548406b80830eaafe440b526568d3d4869a7f68970ddf7d64453c199dc0bb43d49df6cf03bdc814db1ed4055b0618b59080cb8ad374865542f3cc38b60
Static task: static1
Behavioral task: behavioral1
Sample: Account information.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Account information.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.elittacop.com
Port: 587
Username: [email protected]
Password: @eaSYuc8
Targets
Target: Account information.exe
Size: 513KB
MD5: d4f31ef1f0ee95b0974223a61c7b38d0
SHA1: 5fbd210c289efeddbf11e79ddf0707f42aadd6a3
SHA256: 17a6854b9d7de26d3c70352b1a5fe59aeb25abd75c57902950278569bac64f78
SHA512: a4ee1525b95f8e5bcca9ed7389f28e7f037bc853b3d38f637ef5c826c10e0931a91c5abfbb63a326714e69b78a817643fc99246192774ab73f7d5731111ec50c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Accesses Microsoft Outlook profiles
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext