General
-
Target
SecuriteInfo.com.Win64.TrojanX-gen.5439.21008.exe
-
Size
675KB
-
Sample
221206-g8cavsbh85
-
MD5
3b6ca488cd7f00b65b0ccd47ff66043f
-
SHA1
4132750b8539272420e1534f30ff2f1bf21bd26c
-
SHA256
7af26d4be02ea118637294df3174174d700125c33a442179cf6786ed96acb6ef
-
SHA512
faf96e9ea21895bd20651a7c36ec283363c3f1abd965187a3be58f32d7121bb1dfbe1b8aec1ec07cd03b1d31af87bf3dca1d6c5d39fa84db49c7cbfe8b8e8e1c
-
SSDEEP
12288:emlf9JHHuuaHzXXpStQWjGhwAF6d5iupgw7pfZ9/4tmTsOAG:ZfHH0HzXX0zCF6d5fpNx7/hsO7
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.TrojanX-gen.5439.21008.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.TrojanX-gen.5439.21008.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5705602282:AAFcwBeX9coGMKJeokPZOq06CS7N1H2rCJI/
Targets
-
-
Target
SecuriteInfo.com.Win64.TrojanX-gen.5439.21008.exe
-
Size
675KB
-
MD5
3b6ca488cd7f00b65b0ccd47ff66043f
-
SHA1
4132750b8539272420e1534f30ff2f1bf21bd26c
-
SHA256
7af26d4be02ea118637294df3174174d700125c33a442179cf6786ed96acb6ef
-
SHA512
faf96e9ea21895bd20651a7c36ec283363c3f1abd965187a3be58f32d7121bb1dfbe1b8aec1ec07cd03b1d31af87bf3dca1d6c5d39fa84db49c7cbfe8b8e8e1c
-
SSDEEP
12288:emlf9JHHuuaHzXXpStQWjGhwAF6d5iupgw7pfZ9/4tmTsOAG:ZfHH0HzXX0zCF6d5fpNx7/hsO7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-