General
Target: ce535990d2974bc283104775e9908a38905eda87f15b998fa33a7e6d12c45007
Size: 530KB
Sample: 220521-pslhlabbdm
MD5: 501fdfe7e1425f5bc02f1e7d8103f937
SHA1: ba0a0055be29a7091ce4dd77de85eef0b492f7e8
SHA256: ce535990d2974bc283104775e9908a38905eda87f15b998fa33a7e6d12c45007
SHA512: 4b2570e306904abb5472843c24495bb74ce98a1a8a6ecbff03c57903f7056a7ba0225c4e995c23f37f6c3f12c6a52430252d94021693eedaa8fc0eea6fa9c173
Static task: static1
Behavioral task: behavioral1
Sample: INSPECTION FOR H&H - NEW ORDERS.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: INSPECTION FOR H&H - NEW ORDERS.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.nabf.com.au
Port: 587
Username: nancy@nabf.com.au
Password: r%cd3=De!F8)?Q.VuK
Targets
Target: INSPECTION FOR H&H - NEW ORDERS.exe
Size: 783KB
MD5: ebf7110acc5b8ed1a4dad99aacdd7760
SHA1: 711edff9c18d35f584a304ed519952090c09558a
SHA256: c08b6cb15ec45d44bde739241acb6403f92bffc565a006c11cbfb4f9c10806e1
SHA512: 25429eda4b71cd16dd796cf58ea7163a1dbd3671da891602789318f9412a1d14bd1429cd4d9acf3080afa60f6fb8a85671cf4c1f5ff13225f6da8686a4720c2c
- AgentTesla
Agent Tesla is a .NET (Visual Basic) remote access trojan (RAT) and credential stealer; this sample exfiltrates over the SMTP account listed in the extracted config.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual way to redirect execution after writing a payload into it (process hollowing and similar injection techniques).
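The signature list above and the extracted SMTP config are the two things a defender would turn into detection logic: the registry reads that fingerprint the environment, and the exfiltration endpoint. The following is an added example, not part of the sandbox report or of the Agent Tesla code itself. It scores a constructed API trace against the listed registry signatures and matches constructed connection records against the extracted host and port. The registry key paths are an assumption: the report names the signatures but not the keys, so the paths below are the locations such checks conventionally read. The trace and connection formats are invented for the example.

```python
import re

# The SMTP exfiltration settings from the "Malware Config" section of this
# report, copied verbatim (the password is deliberately omitted: it is not
# needed to detect the channel and should not be spread further).
EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.nabf.com.au",
    "port": 587,
    "username": "nancy@nabf.com.au",
}

# Registry key paths behind the behavioral signatures listed above.
# ASSUMPTION: the report names the signatures but not the keys; these are
# the locations such checks conventionally read, not values from the report.
SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry":
        re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I),
    "Looks for VMWare Tools registry key":
        re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I),
    "Checks BIOS information in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I),
    "Checks computer location settings":
        re.compile(r"\\Control Panel\\International\\Geo", re.I),
    "Maps connected drives based on registry":
        re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", re.I),
}

# Signatures that together indicate environment fingerprinting rather than
# ordinary application behaviour (the geo lookup is a geofence, not evasion).
EVASION_SIGNATURES = {
    "Looks for VirtualBox Guest Additions in registry",
    "Looks for VMWare Tools registry key",
    "Checks BIOS information in registry",
    "Maps connected drives based on registry",
}

# Constructed API-trace lines in an "api|pid|argument" shape; this is a
# made-up format for the example, not the sandbox's own output.
SAMPLE_TRACE = [
    "NtCreateFile|1204|C:\\Users\\user\\AppData\\Roaming\\tmp.dat",
    "RegOpenKeyExW|1204|HKEY_LOCAL_MACHINE\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    "RegOpenKeyExW|1204|HKEY_LOCAL_MACHINE\\SOFTWARE\\VMware, Inc.\\VMware Tools",
    "RegQueryValueExW|1204|HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer",
    "RegQueryValueExW|1204|HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "RegQueryValueExW|1204|HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\\0",
    "RegOpenKeyExW|1204|HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles",
    "malformed line without separators",
]

# Constructed outbound connection records (constructed for the example).
SAMPLE_CONNECTIONS = [
    {"pid": 1204, "dst": "mail.nabf.com.au", "dport": 587, "proto": "tcp"},
    {"pid": 1204, "dst": "mail.nabf.com.au", "dport": 443, "proto": "tcp"},
    {"pid": 880, "dst": "update.example.net", "dport": 80, "proto": "tcp"},
]


def match_signatures(trace_lines):
    """Map each triggered signature name to the registry paths that fired it."""
    hits = {}
    for line in trace_lines:
        parts = line.split("|", 2)
        if len(parts) != 3 or not parts[0].startswith("Reg"):
            continue  # skip non-registry calls and malformed lines
        path = parts[2]
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.setdefault(name, []).append(path)
    return hits


def evasion_verdict(hits, threshold=2):
    """True when at least `threshold` distinct evasion signatures fired."""
    fired = EVASION_SIGNATURES & set(hits)
    return len(fired) >= threshold, sorted(fired)


def exfil_connections(connections, config=EXTRACTED_CONFIG):
    """Return connections that match the extracted SMTP host and port."""
    return [c for c in connections
            if c["proto"] == "tcp"
            and c["dst"].lower() == config["host"]
            and c["dport"] == config["port"]]


if __name__ == "__main__":
    hits = match_signatures(SAMPLE_TRACE)
    evasive, fired = evasion_verdict(hits)
    print("signatures:", sorted(hits))
    print("sandbox evasion:", evasive, fired)
    print("exfil connections:", exfil_connections(SAMPLE_CONNECTIONS))
```

The threshold in `evasion_verdict` matters: a single BIOS or disk-enumeration read is common in legitimate installers, so alerting on the combination rather than any one key keeps the false-positive rate down. On the network side, matching on host and port alone is enough to catch this sample's channel, but a production rule should also key on the SMTP AUTH username, since the same mail server may serve legitimate traffic.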