General
Target: d0d92051f8cf18b85682b3494745c04988710807ba214c8f8e538cdf1ce6c879
Size: 480KB
Sample: 220521-nd1tasdee9
MD5: 9b34fac25afaabe32c8ae0b24f042340
SHA1: fa37f9aaa8f72a32664118bf58f146de3547fbbc
SHA256: d0d92051f8cf18b85682b3494745c04988710807ba214c8f8e538cdf1ce6c879
SHA512: 9380bb8432cc7b5ad3a68538ef0c030eccc73a0e287c5c283a5ef97fcf43c68308e7db979fbcc098807ef436b71446949aa86db3e9c9e58e29e7ff9f6f4cfc31
Static task: static1
Behavioral task: behavioral1
  Sample: Urgent Request For Quotation.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Urgent Request For Quotation.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.opporajasthan.in
Port: 587
Username: [email protected]
Password: Systems@1234
Targets
Target: Urgent Request For Quotation.exe
Size: 754KB
MD5: 9541ca5939876653595e772b317a95d7
SHA1: 96615dbb068a60b61b7fcd49e64f975ea8ad0eb3
SHA256: 57f0d9523b9a5a8f269e77159fb6346fe71e9b49fc99782e01ebff37a7f489ad
SHA512: 1505b2cb7f615071ad69c8aaf774505dd09a2ed166c33d0ece1bd4b3d6cf4054b6830e3081322d7e605b91079ea210a57f8f06a38e143500864118774a07d511
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext