General
Target: a0e4e94c8053ec121c0f5735ee40a857cb8906df804f2fc17b5f9d04193ca3b9
Size: 1.3MB
Sample: 220521-n98tsaehd9
MD5: 77512f31f7620cbb31e557dccccb063e
SHA1: ecff93a46fd5f6cf105431e9c561de72ac613a44
SHA256: a0e4e94c8053ec121c0f5735ee40a857cb8906df804f2fc17b5f9d04193ca3b9
SHA512: b888c0db2c1769ced73d47d4996011fcac46679bdf8dd341482c8c852fa08768f6f0e8ac22007f414cca4956981f16e4302b641b62fc5395cc0c337ea4a4de65
Static task: static1
Behavioral task: behavioral1
  Sample: 1604228P.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 1604228P.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla): the SMTP account the stealer uses to mail collected credentials and keystrokes out to the operator
Protocol: smtp
Host: mail.dogulumetal.com
Port: 587
Username: tamerdogulu@dogulumetal.com
Password: DMaslak2950**
Targets
Target: 1604228P.EXE
Size: 802KB
MD5: c5c2e7ed751bf5a92f4db09770c36233
SHA1: 34d5f8d03829f0150d2900ffc8a899bfce4724f5
SHA256: 57dcf40358fb6f41a6b1e68d380f85db9aa67481f25fa8df5a56e8ae5ec36eb5
SHA512: dae1a77e9c90ebe6373078660e0642a8c6686cf6deb5396a4d58281f1c15d7925d2b258c345e62f321502d3fb96c88b03727fafaddf12b82fafb77dbccffb40d
AgentTesla
Agent Tesla is a .NET-based (Visual Basic .NET) information stealer and remote access tool (RAT). It harvests saved credentials and keystrokes and exfiltrates them; in this sample the exfiltration channel is the SMTP account in the extracted config.
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
  The guest-tools registry key only exists inside a VirtualBox guest, so its presence is used to detect an analysis VM.
Looks for VMWare Tools registry key
  Same purpose as the VirtualBox check: the key only exists inside a VMware guest.
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
  Outlook profile data in the registry holds saved mail account settings and credentials, a standard AgentTesla theft target.
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext
  Setting the thread context of another process's suspended thread is typical of process hollowing: the payload is written into a newly created process and its entry point is redirected to the injected code.
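As an added example, not part of the sandbox report or of the sample's own code: a small Python classifier that replays Procmon-style registry and API events against the signatures listed above, the way a triage script would when you only have a raw event log rather than the sandbox verdict. The registry paths each signature is keyed on are assumptions (the well-known locations of these artifacts; the report does not print which keys it matched), and the event lines are constructed to resemble this sample's behaviour rather than captured from it. One line deliberately carries a comma inside the registry path ("VMware, Inc.") to show why the log must be parsed as CSV rather than split on commas.

```python
"""Classify sandbox registry/API events against AgentTesla-style signatures.

Added example; the registry keys below are assumptions about what each
signature is keyed on, and SAMPLE_EVENTS is constructed, not a real capture.
"""
import csv
import io
import re

# (signature name, regex over the registry path) - assumed key locations.
REGISTRY_RULES = [
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I)),
    ("Looks for VMWare Tools registry key",
     re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I)),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I)),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I)),
    ("Maps connected drives based on registry",
     re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\Disk\\Enum", re.I)),
]

# Constructed Procmon-like export: time,process,pid,operation,path,result.
# The VMware path is quoted because it contains a comma.
SAMPLE_EVENTS = """\
13:01:02.1,1604228P.exe,2816,RegOpenKey,HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions,NAME NOT FOUND
13:01:02.2,1604228P.exe,2816,RegOpenKey,"HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools",NAME NOT FOUND
13:01:02.3,1604228P.exe,2816,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer,SUCCESS
13:01:02.4,1604228P.exe,2816,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS
13:01:03.0,1604228P.exe,2816,RegOpenKey,HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook,SUCCESS
13:01:03.1,1604228P.exe,2816,RegEnumKey,HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum,SUCCESS
13:01:04.0,1604228P.exe,2816,RegOpenKey,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run,SUCCESS
13:01:05.0,1604228P.exe,2816,SetThreadContext,PID 3120 (RegAsm.exe),SUCCESS
"""


def classify_events(csv_text):
    """Return [(signature, path)] for every event that trips a rule.

    Registry events are matched against REGISTRY_RULES; a SetThreadContext
    call whose target is a different PID than the caller is flagged as the
    cross-process variant that process hollowing relies on.  Events that
    match nothing (e.g. the Run key read above) are ignored.
    """
    hits = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 6:
            continue  # skip blank/malformed lines rather than crash
        _time, _proc, pid, op, path, _result = row[:6]
        if op.startswith("Reg"):
            for name, pattern in REGISTRY_RULES:
                if pattern.search(path):
                    hits.append((name, path))
                    break
        elif op == "SetThreadContext" and not path.startswith(f"PID {pid} "):
            hits.append(("Suspicious use of SetThreadContext", path))
    return hits


def triggered_signatures(csv_text):
    """Deduplicated signature names in first-seen order (the report view)."""
    seen = []
    for name, _ in classify_events(csv_text):
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for name, path in classify_events(SAMPLE_EVENTS):
        print(f"{name:50s} <- {path}")
```

The order of REGISTRY_RULES matters only for which name a path gets when it could match two rules, so keep the more specific patterns first if you extend the list; the BIOS and Disk\Enum matches are what a benign inventory tool also produces, so on their own they are weak signals and carry weight here only because they appear together with the guest-tools probes and the cross-process SetThreadContext.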