General
Target: 12990362FCB5224DFA15ED3A0B2592F92F63E4B2436825F2DEA2C337B7EA1154
Size: 519KB
Sample: 221123-r2g8msab54
MD5: 7df034292eedcf884efd8254629d4fdb
SHA1: cd36134a65a415928ac09aefbcc190cdbeecf211
SHA256: 12990362fcb5224dfa15ed3a0b2592f92f63e4b2436825f2dea2c337b7ea1154
SHA512: 7e4524c666a87b983720df5382ec1fcec9abf746133ea4a441b6d69141df2b03f43fbe9bf3080796324ca12625c9d60130fbe32ee6fd2877020d638a647305bd
SSDEEP: 12288:UB62S7widmbQawQjYGivNeaBeN8OTf1LVpf0q:SS7wiMQaw2YGiTsfV7x
Static task: static1
Behavioral task: behavioral1
Sample: Shipping_Document-Invoices/Shipping_Document-Invoices.exe
Resource: win7-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5349655878:AAGnMhpzchQYN5RbZ88-w3gvA1SNsxWo7ts/
Targets
Target: Shipping_Document-Invoices/Shipping_Document-Invoices.exe
Size: 879KB
MD5: 0a077e5e133a8e9a32114df50882d86a
SHA1: b0015c4518867c66c2c57a0ec2db896c22516884
SHA256: aa632ae086499d0662fb4c362e0af726190cd4011b9d8285bcb175651d3d503a
SHA512: 9a61d2dcd1c4dafdf5bce2145583570e83a5b1fb8ddbbeb42b077c9de70c4c064b4a9848b4b7249f8e78c1b719354c5645de4e8960b00b0acbffee22758478db
SSDEEP: 24576:mHAYCwNaKPGUz7VLGMl/yejKBkj5hmGvvPBcwnM4T:mg9wYKPpzxXikVhmYnBcwMu
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext