General
Target: 628f134f1572dde2a4e4afb19cf16a543e1cd7085df93eb38d3a797340775eca
Size: 423KB
Sample: 220521-ddh85sfdg9
MD5: 78d9f2567a57c501f5e9a753c5084d72
SHA1: 8dd39e04ac023973e2f0f7b411ccdf3e9a98ee33
SHA256: 628f134f1572dde2a4e4afb19cf16a543e1cd7085df93eb38d3a797340775eca
SHA512: 62de09c6c463a892e9d120e4aa28d3f4072913fd89dbb29a9d734f3b1443d7dc551398e6c52562c61509248f006b9244dbf1af05c3d194aefeadbfea9a76b4bc
Static task: static1
Behavioral task: behavioral1
  Sample: IMG-654-611-44.JPEG.zip.scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: IMG-654-611-44.JPEG.zip.scr
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: password0077
Extracted
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: password0077
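The two Extracted records are the sample's SMTP exfiltration endpoint. The following Python is an added example (not the sandbox's report tooling and not the malware's code) that parses the page's flattened "key: value - key:" layout into structured IOCs, collapses the duplicate record, and matches the endpoint against egress-log lines. The key=value log format, its field names and the log lines themselves are constructed assumptions; the username is kept as the placeholder the page shows.

```python
"""Parse the flattened 'Extracted' AgentTesla config records from the sandbox
report into structured SMTP exfiltration IOCs and match them against egress
logs. Added example, not the sandbox's or the malware's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed copy of the two config records as they appear on the report page.
# The username is the page's own redaction placeholder and is kept verbatim.
REPORT_TEXT = """Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
password0077
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
password0077
"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
_NAMES = "|".join(FIELDS)
# A value runs until the next ' - Key:' separator or the end of the joined record.
FIELD_RE = re.compile(rf"({_NAMES}):\s*(.+?)(?=\s*-\s*(?:{_NAMES}):|$)")


@dataclass(frozen=True)
class SmtpExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_extracted(text: str) -> list[SmtpExfilConfig]:
    """Split on 'Extracted' headers, re-join each record's wrapped lines and
    pull the five fields. A record with no bare family line (the second one
    on the page) inherits the family of the record before it."""
    configs: list[SmtpExfilConfig] = []
    family = "unknown"
    for chunk in re.split(r"^Extracted\s*$", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        if ":" not in lines[0]:  # bare family name such as 'agenttesla'
            family, lines = lines[0], lines[1:]
        fields = dict(FIELD_RE.findall(" ".join(lines)))
        missing = set(FIELDS) - fields.keys()
        if missing:
            raise ValueError(f"incomplete config record, missing {sorted(missing)}")
        configs.append(SmtpExfilConfig(
            family, fields["Protocol"].lower(), fields["Host"].lower(),
            int(fields["Port"]), fields["Username"], fields["Password"]))
    return configs


def unique_configs(configs: list[SmtpExfilConfig]) -> list[SmtpExfilConfig]:
    """Collapse identical records (both behavioral tasks recovered the same
    config) while keeping first-seen order."""
    return list(dict.fromkeys(configs))


# Constructed egress-firewall lines in a key=value syslog style; not real data
# and not a format the report itself uses.
EGRESS_LOG = [
    "ts=2022-05-21T10:01:02Z src=10.0.0.15 dst=mail.privateemail.com dport=587 proto=tcp",
    "ts=2022-05-21T10:01:05Z src=10.0.0.15 dst=update.example.org dport=443 proto=tcp",
    "ts=2022-05-21T10:02:11Z src=10.0.0.22 dst=mail.privateemail.com dport=465 proto=tcp",
]
KV_RE = re.compile(r"(\w+)=(\S+)")


def match_egress(lines, configs) -> list[tuple[str, str]]:
    """Return (src, line) for every connection to an extracted host:port.
    The host is a shared commercial mail provider, so a hit is a lead to pivot
    on (submitting host, SMTP AUTH user seen on the gateway), not proof."""
    endpoints = {(c.host, c.port) for c in configs}
    hits = []
    for line in lines:
        kv = dict(KV_RE.findall(line))
        if (kv.get("dst", "").lower(), int(kv.get("dport", 0))) in endpoints:
            hits.append((kv["src"], line))
    return hits


if __name__ == "__main__":
    iocs = unique_configs(parse_extracted(REPORT_TEXT))
    for cfg in iocs:
        print(cfg)
    for src, line in match_egress(EGRESS_LOG, iocs):
        print("exfil candidate from", src, "->", line)
```

Matching on host and port alone will also catch legitimate users of the same mail provider; the useful pivot is the AUTH username the stealer logs in with, which on this page survives only as a redaction placeholder, so the real value has to come from your own copy of the extracted config.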
Targets
Target: IMG-654-611-44.JPEG.zip.scr
  The double extension disguises a .scr file, which Windows treats as an ordinary PE executable, as an image archive.
Size: 816KB
MD5: 83548d974ace23e31217eba1d0888fcb
SHA1: 8b44b85cd1f009bca7da3f98cbac92fd5e601131
SHA256: b16313623225240e8d7e449c11d808f59807a3cce123b65aee197e5cc38a2a60
SHA512: 6ad31152e5b0956254c0f4dfdacd54d5dcceda5628b820b61ffe1c6824c538b38b7899fe95d7c07426c180798cfbd1ceb7e996efda2d1e55bbdfb9de7bf0bf95
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and other applications, logs keystrokes, and sends the results to an operator-controlled account; the SMTP mailbox in the extracted config above is this sample's exfiltration channel.
AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
  Outlook profile data in the registry holds saved mail account settings and credentials, consistent with the stealer collecting mail-client logins.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is the usual final step of process hollowing, where a payload is written into a suspended process and its entry point redirected before the thread is resumed.
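The four registry checks above (Guest Additions key, VMware Tools key, BIOS strings, disk enumeration) are the artifacts a sandbox operator has to hide. The following Python is an added example, not the sandbox's own logic and not code recovered from this sample: it models those checks against a registry snapshot so you can see which artifacts trip them. The key paths and marker substrings are the ones such checks commonly read, and both snapshots are constructed.

```python
"""Model the four registry-based VM/sandbox checks the report flags against a
registry snapshot, so a sandbox operator can see which artifacts trip them.
Added example: the key paths and marker strings are the ones these checks
commonly read, not values recovered from this sample, and both snapshots
below are constructed."""
from __future__ import annotations

# Substrings that identify a hypervisor in BIOS and disk strings.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs")

KEY_VBOX_GA = r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"
KEY_VMWARE_TOOLS = r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"
KEY_BIOS = r"HKLM\HARDWARE\DESCRIPTION\System"   # volatile; rebuilt at boot from firmware
KEY_DISK_ENUM = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")


def _as_strings(value) -> list[str]:
    """REG_MULTI_SZ values arrive as lists; normalise everything to lowercase."""
    items = value if isinstance(value, (list, tuple)) else [value]
    return [str(v).lower() for v in items]


def _first_marker(s: str):
    return next((m for m in VM_MARKERS if m in s), None)


def sandbox_indicators(reg: dict[str, dict[str, object]]) -> list[str]:
    """Return one reason per artifact that would make the guest look like a
    VM to the checks listed in the report; an empty list means it passes."""
    reasons: list[str] = []
    if KEY_VBOX_GA in reg:
        reasons.append("VirtualBox Guest Additions key present")
    if KEY_VMWARE_TOOLS in reg:
        reasons.append("VMware Tools key present")
    bios = reg.get(KEY_BIOS, {})
    for name in BIOS_VALUES:
        for s in _as_strings(bios.get(name, "")):
            hit = _first_marker(s)
            if hit:
                reasons.append(f"{name} contains {hit!r}: {s!r}")
    for name, value in reg.get(KEY_DISK_ENUM, {}).items():
        if name == "Count":       # Count is a number of entries, not a device id
            continue
        for s in _as_strings(value):
            hit = _first_marker(s)
            if hit:
                reasons.append(f"Disk\\Enum\\{name} contains {hit!r}: {s!r}")
    return reasons


# Constructed snapshot of a stock VirtualBox guest (illustrative values only).
VBOX_GUEST = {
    KEY_VBOX_GA: {"Version": "6.1.34"},
    KEY_BIOS: {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.34 VBE Adapter"],
    },
    KEY_DISK_ENUM: {"Count": 1, "0": r"IDE\DiskVBOX_HARDDISK___________1.0_____\5&1234abcd&0&0.0.0"},
}

# The same guest after the Guest Additions key is removed and the hypervisor
# is configured to present vendor-neutral firmware and disk identity strings.
HARDENED_GUEST = {
    KEY_BIOS: {
        "SystemBiosVersion": ["DELL   - 1072009"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    KEY_DISK_ENUM: {"Count": 1, "0": r"IDE\DiskST1000DM003-1CH162________CC43____\5&1234abcd&0&0.0.0"},
}


if __name__ == "__main__":
    for label, snap in (("stock", VBOX_GUEST), ("hardened", HARDENED_GUEST)):
        print(label, sandbox_indicators(snap) or ["no indicators"])
```

Two caveats for anyone applying this: HKLM\HARDWARE is a volatile hive generated at boot from the firmware tables, so the BIOS strings have to be changed in the hypervisor's DMI configuration rather than by editing the registry; and Sysmon's registry events cover key creation, deletion and value writes but not reads, so seeing the sample perform these lookups on a production host needs registry auditing (a SACL on the keys) or an EDR that hooks registry queries.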