General
Target: a00115f4a9e20f6f982db8332779ccd02a8dbf9bb1db45e54a21d374b24cf3b4
Size: 382KB
Sample: 220521-cwyk4shfgl
MD5: fbcd0cb9ece0628d818cfbea031d7fe3
SHA1: 0302647ffb10134335740017bba74894a31a5a6e
SHA256: a00115f4a9e20f6f982db8332779ccd02a8dbf9bb1db45e54a21d374b24cf3b4
SHA512: c4c4d3d9dbf08272c2729fc8fabd14cae71690219060d62217a67e5c832cb5c893bda1761c4b049ee7c7a4bdbbece3f3b939320d1ee11cdb00eeb7f2cbc78a10
Static task: static1
Behavioral task: behavioral1
Sample: Statement of Account.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.haden-tours.com
Port: 587
Username: [email protected]
Password: In-159753
Targets
Target: Statement of Account.exe
Size: 441KB
MD5: 3ee58a720e88f477d6f817c44aa7c47b
SHA1: 9b68c4d21b544c3fa4fcfa6f469480a70fe8a947
SHA256: 9a813db555b2a251a1068f50b1b02d642bb570337058f7f3a7028cafccbe1f54
SHA512: 535c2869714cd970160dfe85f23735979dec4e08244e3e73e954bd6a7d902ae578046533be9f34a8e9e174232b9a640b2a327305e52a91cbd2da96080d1047ab
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext