General
- Target: 0eed12f0dcf05f910bfe683b838cd62fcfe68bdee03d708b63ab84249a95937f
- Size: 369KB
- Sample: 220521-ppbtzsfga5
- MD5: 2b24821fa20533358eb3d0b763c82755
- SHA1: 277a84f696034e01ce1797f8acd537db9b9c351b
- SHA256: 0eed12f0dcf05f910bfe683b838cd62fcfe68bdee03d708b63ab84249a95937f
- SHA512: 164e23aadf1159bfc4f624e961d88dcca15654de60e1b24b1ffe8b2b42467cb16ef6c7d06879e6e79e72ef24e82ad471c6e244d971a4e036fdbdb68e5ed54141
Static task
- static1
Behavioral task
- behavioral1
  - Sample: swift_copy2020710_XLS.scr
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: swift_copy2020710_XLS.scr
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: server266.web-hosting.com
- Port: 587
- Username: serviceline@cgcropglobal.com
- Password: HCBo3_tl-nKP
Targets
- Target: swift_copy2020710_XLS.scr
- Size: 417KB
- MD5: ccbd8c021b03a2815dc6cd096e353149
- SHA1: 3943d0682253590fcecc36fd4124964df4b156ca
- SHA256: 4014ffe3401353775e6629a83400a9b34768c6127eff3d4b12b042290c9ed80d
- SHA512: f6a92c9ae8dac905f032ceae94b84c5b672500405b3f701e81527382c6003ddcc830b746bef1ae3963c1271907175674b50844cce1b3d05d946095adc46af88c
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext