General
- Target: 68f3400958bb9b00fbc1843bd9bef8c9cc54f7c51c346befdc4ab78017729df9
- Size: 615KB
- Sample: 220521-db2mpsfdb5
- MD5: 28554a04a3e424d76329d41443481578
- SHA1: f043ad66ace3d4099a2d938c8af51146a0363f2f
- SHA256: 68f3400958bb9b00fbc1843bd9bef8c9cc54f7c51c346befdc4ab78017729df9
- SHA512: d759476b88422b0ee6c7afbc01fc10937fceb17956841173b256f854ab7253853d9ee34d3189aa1f77d9407e8d170adcc3f760268e34677540fc9942d9e43942
Static task: static1
Behavioral task: behavioral1
- Sample: 未付发票付款(Outstanding invoice payments).exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 未付发票付款(Outstanding invoice payments).exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 未付发票付款(Outstanding invoice payments).exe
- Size: 668KB
- MD5: 76a16bed1a858e75f1ef97d567013ada
- SHA1: 935ff6bb1dd762b33036bef5907891ababbf769f
- SHA256: 743cd5b161539860d7779adcc10b393ebb812c8c201b98c974b43ff1f404c34d
- SHA512: 0b4627c8c45b65f2d3ac81947c98f30e84a322a719bf7405d345a5c247bad35b1cfcc6bbdfb252560987546dcc5a8390198e1bcfaa0efc9a53e8704deb126833
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext