General
Target: 5e36e0d8183dc5620f5f21b9192e4bd359fa03169e429ed4b569a603b85e921c
Size: 376KB
Sample: 220521-demyqaafcr
MD5: 808e5d51169a66f70dd52a9f8f3a06c5
SHA1: 5394f335eca309609c9993a795ccd3eb5fce9c52
SHA256: 5e36e0d8183dc5620f5f21b9192e4bd359fa03169e429ed4b569a603b85e921c
SHA512: 5b174adc6c2c967bb5ed8d5ccefdaa725a1cab4730d80f2a821f21511eb31ba81795573177d50b328926584f24a71c7131143de9185d047ac25b3259afcd4fcd
Static task: static1
Behavioral task: behavioral1
  Sample: revised PI.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: revised PI.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: 1xH}wgu7}f%E
Targets
Target: revised PI.exe
Size: 390KB
MD5: 3194620f4034331c79d5d0dfc6023776
SHA1: 6f8d397158da9347587bccfb356af3def94ef892
SHA256: eafe80f90a3a9a02cea6165309b01aab3ab9b7eab9401342b665e8fdefc65869
SHA512: 3c88c05602d5c82a37c1447db0fe9e08719e399fc2a9d1f29e3838114f4a35824b30c7467ff54144d7a19b7c69d56f2140a67a373594698b86a73317733ecab5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Accesses Microsoft Outlook profiles
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext