General
Target: 58b223da1a35946090389dcfcb2a98f97aa3dc82fab22acc3214f4af7697573a
Size: 418KB
Sample: 220521-df2s9sffb8
MD5: 68cd3843d57b355658cc816f15589117
SHA1: baa253dcdf3fd63db005f8b54866d419abe89504
SHA256: 58b223da1a35946090389dcfcb2a98f97aa3dc82fab22acc3214f4af7697573a
SHA512: a986d6335116a4d81b0a92b1a417c10468b5d819e085815b94a2828043eeaedf6968583f2ae8991125d516249afcbcce370ab276cd21edc2bba66e6b957c549c
Static task: static1
Behavioral task: behavioral1 (Sample: Account details.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Account details.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: smtp.elittacop.com - Port: 587 - Username: [email protected] - Password: @eaSYuc8
Targets
Target: Account details.exe
Size: 556KB
MD5: 605bf3ac2dc392025ee5ad634175c532
SHA1: 0b59ca04e25f42f814fa0ec20ceee0ee75b3044c
SHA256: 522611d9bc8c8a566e73a6c1126e01da0814748e422fce48805949c152408868
SHA512: c555a860cb99d6ef283bec328b59f43ada20037395479329f61e8efcaec2fb406f719b9db69f45c9fbd8282d7783ee2bcf77db7b5f9566ee148afaf299f4d1f5
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext