General
Target: 4f8acbd7a6e5a07f4efeb296457cc41ae7fef2360a34732620e58a4cce6d9936
Size: 599KB
Sample: 220521-pbyftsabgp
MD5: 3d7e230ceef30ad4d9ec1f9259dfb68a
SHA1: f580f67a55a1b0615beca5a9fa53ce2dfcadf5db
SHA256: 4f8acbd7a6e5a07f4efeb296457cc41ae7fef2360a34732620e58a4cce6d9936
SHA512: c63caeb5d88ca24b72c666710736ef775d3cd8ba302d0d0f26c1df7109062611f0f0da4bb00b2c3cd96eba94396a32b81791db53e483183b2b408b9d136a019e
Static task: static1
Behavioral task: behavioral1 (Sample: PROFORMA INVOICE.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PROFORMA INVOICE.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.dedhivala.com
Port: 587
Username: cs@dedhivala.com
Password: enrk7Azx
The SMTP account above is the exfiltration mailbox the stealer sends harvested data to, not a compromised victim account; the host, port and account name are the network indicators to alert on.
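As an added example (not part of the sandbox report or the Agent Tesla family itself), the snippet below parses the flattened "Key: value - Key: value" config string exactly as the page prints it and then runs the resulting indicators over a few constructed log records. The record shapes (dns/conn/smtp dicts) are a simplified stand-in for a real connection or mail log, assumed here for illustration.

```python
import re
from dataclasses import dataclass

# The extracted Agent Tesla configuration, copied verbatim from the report above.
# The page's extraction flattened it into one "Key: value - Key: value" string.
RAW_CONFIG = ("Protocol: smtp- Host: smtp.dedhivala.com - Port: 587 - "
              "Username: cs@dedhivala.com - Password: enrk7Azx")

LABELS = ("Protocol", "Host", "Port", "Username", "Password")
# A value runs from its label to the next label (or end of string). Splitting on the
# labels rather than on "-" keeps hyphens that legitimately occur inside values.
FIELD_RE = re.compile(
    r"(%s):\s*(.*?)(?=\s*-?\s*(?:%s):|$)" % ("|".join(LABELS), "|".join(LABELS))
)


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> ExfilConfig:
    """Turn the flattened config string into typed fields."""
    fields = {m.group(1).lower(): m.group(2).strip() for m in FIELD_RE.finditer(raw)}
    return ExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def match_events(cfg: ExfilConfig, events: list) -> list:
    """Return (event index, reason) for every record that touches the exfil mailbox:
    a DNS lookup of the host, a connection to host:port, or an SMTP session
    authenticating as / sending from the stolen-data account. The record shape is
    a constructed, simplified log format, not any real tool's output."""
    hits = []
    host = cfg.host.lower()
    user = cfg.username.lower()
    for i, ev in enumerate(events):
        kind = ev.get("kind")
        if kind == "dns" and ev.get("query", "").lower().rstrip(".") == host:
            hits.append((i, "dns lookup of exfil mail host"))
        elif (kind == "conn" and ev.get("dst_host", "").lower() == host
              and ev.get("dst_port") == cfg.port):
            hits.append((i, "connection to exfil mail host on configured port"))
        elif kind == "smtp" and (ev.get("auth_user", "").lower() == user
                                 or ev.get("mailfrom", "").lower() == user):
            hits.append((i, "smtp session using the exfil account"))
    return hits


# Constructed sample records (not captured traffic): a benign lookup, then the
# stages of an SMTP exfil as they would appear in a simple log, plus a near miss.
SAMPLE_EVENTS = [
    {"kind": "dns", "query": "www.microsoft.com"},
    {"kind": "dns", "query": "smtp.dedhivala.com."},
    {"kind": "conn", "dst_host": "smtp.dedhivala.com", "dst_port": 587},
    {"kind": "conn", "dst_host": "smtp.dedhivala.com", "dst_port": 443},
    {"kind": "smtp", "auth_user": "CS@dedhivala.com", "mailfrom": "cs@dedhivala.com"},
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for idx, why in match_events(cfg, SAMPLE_EVENTS):
        print(idx, why, SAMPLE_EVENTS[idx])
```

The port check deliberately requires the configured port: the same mail host on 443 is not evidence of this sample's exfil channel, while a DNS lookup of the host or any SMTP session as the configured account is enough on its own.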
Targets
Target: PROFORMA INVOICE.exe
Size: 748KB
MD5: e99a9f525ab9a57bb4383e7f36d76440
SHA1: 2e0055c754cd2b4f547ef559537923ddc041fe39
SHA256: 6ae3a5e35dabdf5e52d854c2a9b230008cdcec3ea9b2d3b9227ca419abd62c4c
SHA512: 26052078ced24c61910b92ca78d0e424925421a833a65afa5686ff87bb7b06cee2413a11094a54074b02d766f1796f7cdf35dcc0e6d7718cb547cd059ef30381
AgentTesla
Agent Tesla is a .NET-based (Visual Basic .NET) remote access tool (RAT) and credential stealer; this sample is configured to exfiltrate over SMTP.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
  Outlook profiles hold saved mail account settings, including stored credentials, which the stealer harvests.
- Adds Run key to start application
  Persistence: an entry under the Run key relaunches the payload at each logon.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  SetThreadContext on a suspended thread of another process is the usual way to redirect execution into injected code (process hollowing / RunPE).
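The signatures above are mostly registry reads and one registry write. As an added example (not the sandbox's own detection logic), the snippet below maps constructed registry-trace lines back to the report's signature names. The signature names are the report's; the key paths under each one are my assumptions about the well-known locations those checks read, and the trace lines are constructed, not a real capture.

```python
import re

# Registry paths behind each signature: (path prefixes, True if only a write counts).
# Signature names come from the report; the paths are assumed well-known locations.
SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry": (
        (r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",), False),
    "Looks for VMWare Tools registry key": (
        (r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools",), False),
    "Checks BIOS information in registry": (
        (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
         r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
         r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"), False),
    "Accesses Microsoft Outlook profiles": (
        (r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles",
         r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"), False),
    "Adds Run key to start application": (
        (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
         r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"), True),
    "Maps connected drives based on registry": (
        (r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum",
         r"HKLM\SYSTEM\MountedDevices"), False),
}

HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
                "HKEY_USERS": "HKU", "HKEY_CLASSES_ROOT": "HKCR"}
WRITE_OPS = {"RegCreateKey", "RegSetValue"}


def normalize(path: str) -> str:
    """Canonicalise a registry path: short hive name, single backslashes, lowercase,
    so traces written with long hive names or escaped separators still compare."""
    path = path.strip().strip('"').replace("/", "\\")
    path = re.sub(r"\\+", r"\\", path)
    hive, sep, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    return (hive + sep + rest).lower()


# Prefixes normalised once; a hit is the key itself or anything beneath it
# (so ...\Run matches ...\Run\Value but not the sibling ...\RunOnce).
_NORMALISED = {name: ([normalize(p) for p in prefixes], write_only)
               for name, (prefixes, write_only) in SIGNATURES.items()}


def classify(lines) -> dict:
    """Map constructed 'op|process|path' trace lines to signature names.
    Returns {signature: [raw path, ...]} for every signature that fired."""
    hits = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        op, _proc, path = line.split("|", 2)
        norm = normalize(path)
        for name, (prefixes, write_only) in _NORMALISED.items():
            if write_only and op not in WRITE_OPS:
                continue  # reading the Run key is normal; only a write is persistence
            if any(norm == p or norm.startswith(p + "\\") for p in prefixes):
                hits.setdefault(name, []).append(path)
    return hits


# Constructed trace (not a real sandbox capture) in a simple op|process|path form.
SAMPLE_TRACE = r"""
# op|process|path
RegOpenKey|PROFORMA INVOICE.exe|HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions
RegOpenKey|PROFORMA INVOICE.exe|HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools
RegQueryValue|PROFORMA INVOICE.exe|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegOpenKey|PROFORMA INVOICE.exe|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
RegSetValue|PROFORMA INVOICE.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate
RegOpenKey|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RegOpenKey|PROFORMA INVOICE.exe|HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
RegOpenKey|PROFORMA INVOICE.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
"""

if __name__ == "__main__":
    for name, paths in classify(SAMPLE_TRACE.splitlines()).items():
        print(name)
        for p in paths:
            print("   ", p)
```

Note the asymmetry the report's wording implies: the anti-VM and BIOS checks fire on any access because merely reading those keys is the tell, whereas the Run key is read constantly by legitimate software (explorer.exe in the trace) and only a write under it is persistence.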