General
- Target: 12ea1945c3ad58e5b1c9e32028fe06293603b518aa41a83907c80ccec0303a4e
- Size: 1000KB
- Sample: 220521-pc7qwsfaf7
- MD5: ac626129ccb4d5d649f71289076daff7
- SHA1: 015588bc93375bec0ad0515168344f73ea6f0ae4
- SHA256: 12ea1945c3ad58e5b1c9e32028fe06293603b518aa41a83907c80ccec0303a4e
- SHA512: 5b56d9005308dcd0eaa614016419c2928c3b43218c5416803659dedff1e5b335f30ce935fb776627f005077678a1f08da4e51227abc39caa024cb73fb422200a
Static task
- static1
Behavioral task
- behavioral1
  - Sample: quotation,pdf.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: quotation,pdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.1and1.mx
- Port: 587
- Username: fpalmab@marelub.com.mx
- Password: Mare1##007
Extracted
- Protocol: smtp
- Host: smtp.1and1.mx
- Port: 587
- Username: fpalmab@marelub.com.mx
- Password: Mare1##007
Targets
- Target: quotation,pdf.exe
- Size: 938KB
- MD5: 4ef80cd3ca8c2ca4a8ff0e932d68eab7
- SHA1: a6091f0320d4bb07af3dc30869e2128b3427d2d0
- SHA256: dfa3383539e38b2ee4b96d6bf2b1f89e2d1923f5fa533bb77276c09d3300e2ea
- SHA512: 3217680f8d8943becd9cb5b9bf777d21e2d2b52f8971d4c1598c0367674ff7891ac7081a0600b8a5e9cebd903b82a920ef64e544f497d581cf79bcde84c569c4
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext