General
-
Target
dc63886bd99eb759023d1cfa8d0e595ee3960797da8001e173b87d58ca73c485
-
Size
328KB
-
Sample
220521-cfwftaghan
-
MD5
ca2dd669b1652d0002ea12d5d59d47dd
-
SHA1
b0dd6e01e0f8d7f9bbdcfc239cd0033d32a1bab9
-
SHA256
dc63886bd99eb759023d1cfa8d0e595ee3960797da8001e173b87d58ca73c485
-
SHA512
fad6920418805c4653961102625df817a9a9d214714c60e76bb9b9d8f4e67172fa43fa35a058d68c25374652e41dda1db47a64f0fe031b00fdbfb6a364d631f4
Static task
static1
Behavioral task
behavioral1
Sample
Account Information.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Account Information.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
-
Protocol
smtp
-
Host
smtp.elittacop.com
-
Port
587
-
Username
[email protected]
-
Password
@eaSYuc8
Targets
-
Target
Account Information.exe
-
Size
383KB
-
MD5
d270f61aab71c628830f0b310d827a1d
-
SHA1
c12326e69d36377c4fc0ef566bec49c77105ac72
-
SHA256
dbdf8847c3248a7b5df69d597b6da2163be990721ab221f5e114ac04d1b29eac
-
SHA512
dc273ebc52bb3f116674540c89854fb32e65efa5108e2a0040034e16ac5b63c61c677c7f576426706f99a3f77f904a060c70467119264f4cdcdc76a81a5ad14f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-