General
Target: b32a02101d861d4964cbc3873d544f13ea3bbc22f9de62679fd4cfc09dd3f863
Size: 654KB
Sample: 220521-cq5ggaeda3
MD5: 6e04ecfa9227ce5a97901b9d7a649af1
SHA1: 29d293cd1d71ec3f03b3622949b6436bc1ba6167
SHA256: b32a02101d861d4964cbc3873d544f13ea3bbc22f9de62679fd4cfc09dd3f863
SHA512: 20e066f3a38d2fb410766f0050e44e10e0e2de6d82f609ff6aa07c7c96be6197af7de6bd0e19c01944b54f149054f56f08c590487eef9577b691ff9fdbb49030
Static task: static1
Behavioral task: behavioral1
  Sample: IMG_001.PDF .scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: IMG_001.PDF .scr
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: wRwswHW2
Targets
Target: IMG_001.PDF .scr
Size: 801KB
MD5: ea7e544c5ce02aa13442622b95251675
SHA1: 98a25cacce296e3aff2fb569a1453329f5690b5e
SHA256: d2eac9fe75330d388b2f86c4c90d4d34f5f92caea368386414ca576feb70343e
SHA512: 31334cc35753923df9ea752bd0b81913fd3ec92b5c144345486bf832c7180ff2b15cb533ad2f3f21fd360acbc0aa4c284eb90b39aa892bae71b0d72e65046e82
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Looks for VirtualBox Guest Additions in registry

Looks for VMware Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext