General
- Target: 19bd376d4febdfc512a5e1242c79a9a0e2b77c007a09ae07b05a656957a42618
- Size: 662KB
- Sample: 220521-pynvxagbh4
- MD5: 101543f1806d201c652031dab1181b94
- SHA1: dae91b6a5431d0daf8fc578477df10c2812bb9f2
- SHA256: 19bd376d4febdfc512a5e1242c79a9a0e2b77c007a09ae07b05a656957a42618
- SHA512: 0b5845f63b7a5842f839400ac332129b93113e315798d6e27ed152c8dfef769adfa0abe0b2cbcf9fc768039537451707b2708f855424890315745de2e1742f6c
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Purchase Order.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: Purchase Order.exe
- Size: 601KB
- MD5: 8b622390bd7c3a881878b740857c506b
- SHA1: 2f683c3dd410f542383eebfaa033dc3c47d1afec
- SHA256: 7a53181aa1e3f435bf2036ddff15a7e8e3382bfceade53abd9f3a6e14ed2cf5b
- SHA512: 73df2a62e0f389f4bcbae6b012ea0ba82bcc335a21746efcfd9f34d0d712249a743ea78d845e8d08abbf492ceb8471135af98489a2857630d8c5d3f60691a83b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext