General
Target: d8b16c913ebec4d5c8b8ec2670784be6888dab816b3a688107003cab8189fad1
Size: 460KB
Sample: 220521-cgpdwsghdr
MD5: 529b06602e276ea1a16f2919fbcc0549
SHA1: 83b712fe7aa7eed95cdc63aa3bbd952cef50559b
SHA256: d8b16c913ebec4d5c8b8ec2670784be6888dab816b3a688107003cab8189fad1
SHA512: 12859a70ecc73f39000106cd42897c8bd9a2d8d0b469279061b363eaa774035fc5a660980c7445770c16099e1ddd4c417cde3edb2795e1aecdfda4b3f6127677
Static task: static1
Behavioral task: behavioral1
Sample: SOA_31_05-20,pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SOA_31_05-20,pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ronclo.com
Port: 587
Username: [email protected]
Password: zi*MhOQXl2
Targets
Target: SOA_31_05-20,pdf.exe
Size: 399KB
MD5: 7071e908ec72ee06a679afafe3fee931
SHA1: e228829cdadcadaa0ca4086f325a63420948a0f5
SHA256: 1814db42ecb625d8c1f7fbedc9139f090896eb7fff58166b5cfa8cf5f9098c93
SHA512: e4a3b4f93992636386439bb91403d96a695e7fa0b12ea2ab352322ca878f8564b24c8310e72b4eecae1444aee881e076a3f8a19af8aa1ae66e070366a18dc0b3

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Accesses Microsoft Outlook profiles

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext