General
Target: 6c9c4ea1b70b21cc86cedaef25d0fd69f7bdd44c4596dc5246f80376d2edd390
Size: 371KB
Sample: 220521-da3tdafch4
MD5: 1b3667fc215f94ead71c2bd1c746df91
SHA1: 76b6f2e73a5ea6728e6185712012d8080e7501c6
SHA256: 6c9c4ea1b70b21cc86cedaef25d0fd69f7bdd44c4596dc5246f80376d2edd390
SHA512: 75884e89eb295a2604cfb884f1056446287398176302b25d10abfe244c9c6a97e8c02e94441ba275017b59a4cd3c9891c0b3176a4ab83326c2a7bb38e885d4fd
Static task: static1
Behavioral task: behavioral1
  Sample: Enquiry.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Enquiry.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lotusgrandhotel.ae
Port: 587
Username: [email protected]
Password: Fbm@Lotusgrand
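The extracted config is a network-level indicator set: the exfiltration mail server, the submission port and the account password. The following is an added example, not part of the sandbox report and not Agent Tesla's own code: it walks a captured SMTP session, recovers the AUTH LOGIN or AUTH PLAIN credentials from their base64 encoding and compares them with the extracted values. The two transcripts are constructed for the example, and because the report redacts the mailbox name, the username shown (placeholder@example.invalid) is a placeholder rather than the real account. Port 587 submission commonly negotiates STARTTLS, in which case only the destination and the EHLO/STARTTLS exchange are visible on the wire; the parser reports that case instead of pretending to see credentials.

```python
import base64
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the report's extracted Agent Tesla config. The mailbox
# name is redacted on the page, so no username indicator is defined here.
EXFIL_HOST = "mail.lotusgrandhotel.ae"
EXFIL_PORT = 587
EXFIL_PASSWORD = "Fbm@Lotusgrand"


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def _unb64(blob: str) -> str:
    return base64.b64decode(blob).decode("utf-8", "replace")


# Constructed SMTP transcripts (not captured traffic). The first line names the
# destination; "C:" lines are the client, "S:" lines the server.
# "placeholder@example.invalid" stands in for the redacted mailbox name.
PLAINTEXT_SESSION = "\n".join([
    "DST mail.lotusgrandhotel.ae:587",
    "S: 220 mail.lotusgrandhotel.ae ESMTP",
    "C: EHLO DESKTOP-VICTIM",
    "S: 250-mail.lotusgrandhotel.ae",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 " + _b64("Username:"),
    "C: " + _b64("placeholder@example.invalid"),
    "S: 334 " + _b64("Password:"),
    "C: " + _b64("Fbm@Lotusgrand"),
    "S: 235 2.7.0 Authentication successful",
])

STARTTLS_SESSION = "\n".join([
    "DST mail.lotusgrandhotel.ae:587",
    "S: 220 mail.lotusgrandhotel.ae ESMTP",
    "C: EHLO DESKTOP-VICTIM",
    "S: 250-mail.lotusgrandhotel.ae",
    "S: 250 STARTTLS",
    "C: STARTTLS",
    "S: 220 2.0.0 Ready to start TLS",  # everything after this is encrypted
])


@dataclass
class SmtpAuth:
    host: str
    port: int
    mechanism: Optional[str] = None
    username: Optional[str] = None
    password: Optional[str] = None
    starttls: bool = False


def parse_smtp_session(transcript: str) -> SmtpAuth:
    """Recover AUTH LOGIN / AUTH PLAIN credentials from one SMTP session."""
    lines = transcript.splitlines()
    host, _, port = lines[0].split()[1].rpartition(":")
    auth = SmtpAuth(host=host, port=int(port))
    expecting: Optional[str] = None  # "user" or "pass" while inside AUTH LOGIN
    tls_pending = False
    for line in lines[1:]:
        side, _, payload = line.partition(": ")
        if side == "C":
            if expecting == "user":
                auth.username, expecting = _unb64(payload), "pass"
                continue
            if expecting == "pass":
                auth.password, expecting = _unb64(payload), None
                continue
            verb, _, arg = payload.partition(" ")
            verb = verb.upper()
            if verb == "STARTTLS":
                tls_pending = True
            elif verb == "AUTH":
                mech, _, initial = arg.partition(" ")
                auth.mechanism = mech.upper()
                if auth.mechanism == "LOGIN":
                    if initial:  # client sent the username inline
                        auth.username, expecting = _unb64(initial), "pass"
                    else:
                        expecting = "user"
                elif auth.mechanism == "PLAIN" and initial:
                    # RFC 4616: authzid NUL authcid NUL password
                    _, auth.username, auth.password = _unb64(initial).split("\0", 2)
        elif side == "S" and tls_pending:
            tls_pending = False
            if payload.startswith("220"):
                auth.starttls = True
                break  # the rest of the session is encrypted
    return auth


def match_exfil_indicators(auth: SmtpAuth) -> List[str]:
    """List which extracted indicators the session matches."""
    hits: List[str] = []
    if auth.host.lower() == EXFIL_HOST and auth.port == EXFIL_PORT:
        hits.append(f"destination {auth.host}:{auth.port} matches extracted exfil server")
    if auth.password == EXFIL_PASSWORD:
        hits.append("AUTH password matches extracted exfil credential")
    if auth.starttls and auth.password is None:
        hits.append("STARTTLS negotiated; credentials not visible, host/port match only")
    return hits
```

The report does not say whether this sample's SMTP client enabled TLS, so treat the host:port match as the dependable indicator and the credential match as confirmation that is only available when the session stays in plaintext.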
Targets
Target: Enquiry.exe
Size: 401KB
MD5: c6bfb4a00c7988a677c19c0f17937855
SHA1: 07ca99213270bf82c1b90b06a1f990c363a3440c
SHA256: d97d1614a199d784c0697ff01eff3e4d195dd07e65879a59b3b805d2088ad8a9
SHA512: e79a72cfcfb9e735150b498540f3d9d088491dfa8beef41c2a9d6744d86c68ba4955a21031bbf26437caed1c50df81bd5079e8e755e2842d1d34673c825c3b51
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; it harvests saved credentials from browsers and mail clients and exfiltrates them over channels such as the SMTP account extracted above.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
  Outlook profile keys hold the stored mail-account settings and credentials that Agent Tesla harvests.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  SetThreadContext on a suspended thread is the usual way to redirect execution into injected code or a hollowed process (RunPE-style loading).