General
-
Target
ec27d6aca060dae9806ec19bd3452df42c3b69cabcc60229fe97b97d3a4d0d2b
-
Size
454KB
-
Sample
220521-nyplrsecg6
-
MD5
296953bd239370bf6d8f9db8bb9978fb
-
SHA1
fd679c06f36071be50dd63c115ef853812117557
-
SHA256
ec27d6aca060dae9806ec19bd3452df42c3b69cabcc60229fe97b97d3a4d0d2b
-
SHA512
7e18e9f4c7fb543ad747fab411c3ccee7c57ba821f7835c8afbe8f0498088a678c70ff691e4695cd5d8b0d20af474622a6e784b72a3d42697718a0b3a5eee52b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.millndustries.com - Port:
587 - Username:
chukwuyem@millndustries.com - Password:
{zdog:g7S@R3
Targets
-
-
Target
Urgent inquiry.exe
-
Size
495KB
-
MD5
36350602d9a37e921998b2ee96bae241
-
SHA1
84f9d292ba5bbe99c2e65b043b63a35a757dc17f
-
SHA256
4e726429d1751d3fc0c35bc8b89e643203cbee6475a7d81be840bffd3b340713
-
SHA512
389ed96cd32441ea6a0bbf5957f0c54e10fd6139c45398e27362ee74aba939c379998192079283841abcef2bdf735d592a9c15f2ff1a933e07f17104ad5f01f5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-