General

Target: f653a833dc5f9e90080a5b4386902ad181df70d752bc5b1cd0f75a8c6e77c464
Size: 848KB
Sample: 220521-nyfc4aecf8
MD5: 77ba828ba0d59b53fe34a4d1889bc62b
SHA1: 2151708322a905f214187d68bec999d040cb3141
SHA256: f653a833dc5f9e90080a5b4386902ad181df70d752bc5b1cd0f75a8c6e77c464
SHA512: 354d068c3bc2139c4d39a6ddf474bae0c63ec872c28658673e092b5e32a21181bdb766404987887e82e9fb4222901e83abb562cc98e87572b83d8bf3adfa4601
Static task: static1

Behavioral task: behavioral1
Sample: inquiry.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: inquiry.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.millndustries.com
Port: 587
Username: chukwuyem@millndustries.com
Password: {zdog:g7S@R3
Targets

Target: inquiry.exe
Size: 979KB
MD5: 3df9ee44da41fc41753cafdf75234424
SHA1: 915ec20d7923abd63d73827f9800cd04efb06314
SHA256: 0de02fe1d36c7dc18f12a9eb8c398158c474699f8471177b2b2d190b6c0ce3c5
SHA512: 04fec1ddcf4927bd80759f92e4a5c8094b1746837775ed6852244b6eccd8734b65bd78a3c093b5474a3cccdfa778b99a9a761be597944781e23ab1354a594080
Signatures

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext