General
Target: 965adf7a1801c316be90b2d244035375e97d07198230e61e88eaa40ce45ff93b
Size: 380KB
Sample: 220521-cy39daefh7
MD5: 9bf364759cdf9efae4f91658bb2c7e46
SHA1: a1e6a100f8424df551ada45dc827790c284c38a3
SHA256: 965adf7a1801c316be90b2d244035375e97d07198230e61e88eaa40ce45ff93b
SHA512: fa4cd280aabdecf3e10a67abb96eed3f05ee12218304b44081a81161a12d50414ea04522ceac4d3b2b6f487a5ddaa3f0783856cda3fe02dd119e9e8c301a214b
Static task: static1
Behavioral task: behavioral1
  Sample: FR00098WED88_________.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FR00098WED88_________.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp, Host: mail.privateemail.com, Port: 587, Username: [email protected], Password: lasco4000@
Targets
Target: FR00098WED88_________.com
Size: 411KB
MD5: 55041e67523a23b8c38cb0986fa80081
SHA1: 53ad642ab5f78b27d8d73a0af337578396863a58
SHA256: 359c6dd6d5b5d3b1a0c3aa744d1df91f083efebeaf554b251d1607775d2dba55
SHA512: cd492e20836cfa961d06b96b9a0da34f9d70c5856d140aa463c1cc538ee927974a7a1c6eb20153ff9e966033b06765d06854f81e34a757f4611b05ef490f7f0a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Drops file in Drivers directory
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext