General
- Target: 9e985c343835204f9a3754f1f4afae132b2acec6f91ea6af8fe63e22cde4dccc
- Size: 384KB
- Sample: 220521-cw8q3sefa9
- MD5: fdf760439844895828727d262484e648
- SHA1: 15abece73fb1bf56dfd419fccce6d4b84285ed90
- SHA256: 9e985c343835204f9a3754f1f4afae132b2acec6f91ea6af8fe63e22cde4dccc
- SHA512: a47db9cabd30da6536868cc91939c8baf530d6bde585915908a0ab265bffd277c6508ec4bdd1099ae4b96fa9f689ba42971cd37a4c3fceec670c6ea20bb0ec9b
Static task: static1
Behavioral task: behavioral1
Sample: Purchase ORDER.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.samudrapanel.com
- Port: 587
- Username: [email protected]
- Password: weslali234
Targets
- Target: Purchase ORDER.exe
- Size: 418KB
- MD5: 9379b0be7d5f7bdf52de8bcaf7cb0822
- SHA1: 0f6fae2ae2a8919646b035fe5a61c3b5a03c6267
- SHA256: ac2aab6531d925758d42b868961baac85fba5b02343b50597f820f1cf7c60e0a
- SHA512: 04597f30ccebf497d54f3cadcb8a5a2833a7bf4cbefa99081db1ff995a5e501d01b4f8c934066938e818ece731b2c48fb9517b4b1c49a429a630f05cfd49f99a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext