General
Target: 4fb00a91b1354d8420917f016c2f314aab25daa92fb3ed07f848ff22a5cdd5ff
Size: 471KB
Sample: 220521-n8bgwsegf4
MD5: 6b6fc6f6785c6518ddfafd386327ba74
SHA1: 9acfbf401ffe024bd7679a3e4db8939a44bcca7c
SHA256: 4fb00a91b1354d8420917f016c2f314aab25daa92fb3ed07f848ff22a5cdd5ff
SHA512: 4ab3455ee3fe68d97fd77311e507db754658f5f9667eb7c3ca51419e2278724c581e0b21abb7f99b10099856dfd39095a2ebe63d5129592288b7f6b1a771cf9c
Static task: static1
Behavioral task: behavioral1
  Sample: 9e0braIF6GqN11c.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 9e0braIF6GqN11c.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: jonathan.grupomonge@yandex.com
  Password: j4k4rta234
Targets
Target: 9e0braIF6GqN11c.exe
Size: 593KB
MD5: 2a2e788233378b34631ff35bd458bae3
SHA1: cc2e92b599721366c21ff0ce8f58c64f8c7e7e6d
SHA256: 162a5aa5e6e0298edbae1a494d2a3e177f0fb42b1c2e35eaecdbe1715d519694
SHA512: cfebcd3315fa42733c8f3780abea85c8f45630b3899e1d1fc25cc60df1ee33321d2f81c8d8105cbc4034b14de40fc82e609ea06ae73460875a56194773ff026e
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext