General
- Target: 8vP60HbFlryaXUJ.exe
- Size: 698KB
- Sample: 221126-nen6wsdh4s
- MD5: 749dd3529f51598cf860e00ec94c93bd
- SHA1: 80c6b3e55d64d6e070b8e365adb4bf2fef48461e
- SHA256: aa03fe484ef1ecfcf467e1940aff0af9ce3ca61329f461eeabcfa58caeaf65fa
- SHA512: b7ff639fa1367840e5694b7e60b1cc35131c27c82b8d489beb0f3b80d14beb0946392c9c4bd24db947c12ca5050b2841cc12017e20d766c402e4d8463d495b35
- SSDEEP: 12288:Ga7dddl4MvM08zrbETCl6gIRDPHsAOKu8FX7XCr/uaFzkkFg/IyXCD8Hk5:GaZv1U0876C8gEDH77FXL6maqkFg/IyG
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 8vP60HbFlryaXUJ.exe
  - Resource: win7-20220901-en
Behavioral task
- behavioral2
  - Sample: 8vP60HbFlryaXUJ.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mktron.in
- Port: 587
- Username: [email protected]
- Password: VZZUQXTDyMCZ
- Email To: [email protected]
Targets
- Target: 8vP60HbFlryaXUJ.exe
- Size: 698KB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext