General
- Target: a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976
- Size: 583KB
- Sample: 220521-ct26hseec6
- MD5: 6c59590bae204293950dc473cb2e6748
- SHA1: cda3550c8e61c3c2c6cf7a1672329152811298b5
- SHA256: a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976
- SHA512: ea0ef9ca0480a21c5f50a889db266d7694f48944a9c05794c0cd01ad5fc27320d8474777bfc35ef86a8dde827de293c1c8e9c7427e59d118f615b86136da185a
- Static task: static1
- Behavioral task: behavioral1
- Sample: KsoUkx8kQkhNBfv.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: agenttesla
- Protocol: smtp
- Host: roham.dnswebhost.com
- Port: 587
- Username: [email protected]
- Password: anyiego@123
Targets
- Target: KsoUkx8kQkhNBfv.exe
- Size: 645KB
- MD5: 97cd758a698d47b01edd4a3281503176
- SHA1: da997a6c3491c6a0a58c69aff6a630328dae4602
- SHA256: 8bd67af43b81d9303bc114e81c598c9ae1cb4d55315c750ae3eea3691513c94f
- SHA512: 0d85f512d7669543c0f6ce4337995533755e72d36ab673a43383491e2bc1c937e62e8433c4c90f9077701243061eaca02e0d399a26b1c2c10bb3e0fbe248ffab
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext