General
- Target: b662a8f2d1c6d859afd333504ce89506de871887b57b2ddf1bbc6b9be18ef292
- Size: 376KB
- Sample: 220521-cqjj1ahdbj
- MD5: 5f54e0231682bdeba4b261696d0a01cf
- SHA1: 503d5c8067df89de354eb946998991a3bcb5bc1f
- SHA256: b662a8f2d1c6d859afd333504ce89506de871887b57b2ddf1bbc6b9be18ef292
- SHA512: aae2ccdb18b69b6ec0da04e2491d63e3c9d710df212c402e67b7a48af8d86b2ea027faa09638bc340f411ce8871e10ea9063a8ff81a983e42e7e6713aba67ee4
Static task: static1
Behavioral task: behavioral1
- Sample: Urgent Enquiry.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Urgent Enquiry.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.drngetu.co.za
- Port: 587
- Username: [email protected]
- Password: WNFpR3FOMJ@6
Targets
- Target: Urgent Enquiry.exe
- Size: 406KB
- MD5: 7a4705e3aeb2f90eb861a9169fb5a731
- SHA1: dc6b67d5b0606c9289480e507a0eed92f90c6a8a
- SHA256: 64ff4868607f7b364f1c83fcbba25a4f954de7682d05d134fc407b4b9af10c0c
- SHA512: 5d1fabf9a839b8f22b2d3345201fff676731ef7da1d48d4a702383efbf46150f49da472eeb47778abe093fae207a8b06e657212263421000913fa5e59739db0b
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext