General
-
Target
639926efa5247a8261f9bae6e371dd5ba1f1f093d89e52bc4ec4beff980b242a
-
Size
522KB
-
Sample
220521-dc91gaaegl
-
MD5
b89bd1fbfc2ff9a643530ce8cb384455
-
SHA1
6caf320a5c8a9867dd91b3281bad98531ca6dbc7
-
SHA256
639926efa5247a8261f9bae6e371dd5ba1f1f093d89e52bc4ec4beff980b242a
-
SHA512
ba415464a6546ca213f0a026dddcfa7ec6388b887c1606be0a110a157281c6815cafb9318d4cbf8a45809b39bfa9275ac349b18a3d54d169bce36e551d5b7232
Static task
static1
Behavioral task
behavioral1
Sample
_Invoice MV2063576.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
_Invoice MV2063576.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: gatefee22
Targets
-
-
Target
_Invoice MV2063576.exe
-
Size
617KB
-
MD5
86058f24e4c425412d054749b30f7698
-
SHA1
0dd03e47457339c79ebfcaff3c4a68633b3a806a
-
SHA256
016d18a1819dd57ce155f552bc917ae63b3e4f795be54bfff3eede42df23b6ee
-
SHA512
3a398417aecfa5e65ce0a434a2b929db5803ce255580223a2729859398d2ff093e648f187c74ed01dc1166f9fd5fa81ee15aef872422bec24f9538e1b0019046
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard capture, browser and mail-client credential theft). It exfiltrates harvested data over SMTP, FTP or HTTP, which is why the extracted configuration above is an SMTP account rather than a C2 address.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
The Guest Additions key only exists inside a VirtualBox guest; probing it is a common check for an analysis VM.
-
Looks for VMWare Tools registry key
Same purpose as above: the VMware Tools key is only present inside a VMware guest.
-
Checks BIOS information in registry
BIOS vendor and system manufacturer strings are often read to detect hypervisors and sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution to or away from specific countries.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk model strings are often read to detect sandboxing environments, since virtual disks identify themselves by vendor name.
-
Suspicious use of SetThreadContext
Changing another thread's register context is characteristic of process injection (for example process hollowing): a process is started suspended, code is written into it and the thread's entry point is redirected to that code.
-
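As an added example, not part of the sandbox report: the registry probes listed above are exactly what a Procmon or EDR registry trace of the sample will show, so the script below runs matching logic for those five behaviours over constructed Procmon-style CSV export lines. The registry paths are the ones commonly associated with each behaviour (an assumption, since the report does not list the exact keys the sample read), and the log lines are constructed for illustration, not captured from this sample. A process is only flagged when it hits several categories, because a single BIOS or country-code read is routine for legitimate software.

```python
"""Flag clusters of anti-analysis registry probes in a Procmon-style trace.

Added example (not from the sandbox report). Key paths are the ones commonly
probed for each behaviour the report lists; the report itself does not name
the exact keys the sample read.
"""
import csv
import io
import re
from collections import defaultdict

# Behaviour names as the report lists them -> registry path pattern (assumed).
# Patterns start at the subkey so they match both Procmon (HKLM\...) and
# Sysmon (HKLM\... or \REGISTRY\MACHINE\...) style paths.
ANTI_ANALYSIS_PROBES = {
    "Looks for VirtualBox Guest Additions in registry":
        re.compile(r"\\SOFTWARE\\(?:Wow6432Node\\)?Oracle\\VirtualBox Guest Additions", re.I),
    "Looks for VMWare Tools registry key":
        re.compile(r"\\SOFTWARE\\(?:Wow6432Node\\)?VMware, Inc\.\\VMware Tools", re.I),
    "Checks BIOS information in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I),
    "Checks computer location settings":
        re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I),
    "Maps connected drives based on registry":
        re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", re.I),
}

# Only read-type operations count as probes; writes to these keys are something else.
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumValue", "RegEnumKey"}

# Constructed Procmon CSV export (not captured from the sample in the report).
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:12:01.0010000","_Invoice MV2063576.exe","3312","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"09:12:01.0020000","_Invoice MV2063576.exe","3312","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"09:12:01.0030000","_Invoice MV2063576.exe","3312","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 24, Data: innotek GmbH"
"09:12:01.0040000","_Invoice MV2063576.exe","3312","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"09:12:01.0050000","_Invoice MV2063576.exe","3312","RegEnumValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0","SUCCESS","Type: REG_SZ, Length: 130, Data: IDE\DiskVBOX_HARDDISK___________________________1.0_____"
"09:12:02.0000000","explorer.exe","1480","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"09:12:02.5000000","msinfo32.exe","4020","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion","SUCCESS","Type: REG_MULTI_SZ, Length: 28, Data: VBOX   - 1"
"09:12:03.0000000","_Invoice MV2063576.exe","3312","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion","SUCCESS","Desired Access: Read"
'''


def classify_event(operation, path):
    """Return the report behaviour a registry read matches, or None."""
    if operation not in REGISTRY_READ_OPS:
        return None
    for behaviour, pattern in ANTI_ANALYSIS_PROBES.items():
        if pattern.search(path):
            return behaviour
    return None


def scan_procmon_csv(text, min_behaviours=2):
    """Group anti-analysis probes per (process, pid).

    Returns {(process, pid): {"behaviours": {name: [(path, result), ...]},
                              "suspicious": bool}}.
    A process is suspicious only when it touches at least `min_behaviours`
    distinct categories. Note that a NAME NOT FOUND result is still a probe:
    the key is absent on bare metal, and the lookup itself is the evidence.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(text)):
        behaviour = classify_event(row["Operation"], row["Path"])
        if behaviour:
            key = (row["Process Name"], int(row["PID"]))
            hits[key][behaviour].append((row["Path"], row["Result"]))
    return {
        key: {"behaviours": dict(b), "suspicious": len(b) >= min_behaviours}
        for key, b in hits.items()
    }


def suspicious_processes(text, min_behaviours=2):
    """Sorted names of processes that cross the category threshold."""
    report = scan_procmon_csv(text, min_behaviours)
    return sorted(name for (name, _pid), info in report.items() if info["suspicious"])


if __name__ == "__main__":
    for (name, pid), info in scan_procmon_csv(SAMPLE_LOG).items():
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{name} (pid {pid}): {len(info['behaviours'])} anti-analysis categories [{flag}]")
        for behaviour, reads in info["behaviours"].items():
            for path, result in reads:
                print(f"    {behaviour}: {path} -> {result}")
```

The threshold is the important design choice: explorer.exe reading the Geo\Nation value and msinfo32.exe reading the BIOS version are both normal, so each stays at one category and is not flagged, while the sample process clusters all five within a few milliseconds. The result column is deliberately kept in the output because a NAME NOT FOUND for the VirtualBox or VMware key on a bare-metal host tells you the sample was looking for a VM and did not find one.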