General
-
Target
65c72bf3dc1578f9c05bb413361e327e87061051f906e8f77b4b9a4a4364cb26
-
Size
601KB
-
Sample
221206-pd4evsgb69
-
MD5
128654730409866020e77b9e55058085
-
SHA1
175f61b8555bbada0745a02efad46d61be0cb8e4
-
SHA256
65c72bf3dc1578f9c05bb413361e327e87061051f906e8f77b4b9a4a4364cb26
-
SHA512
cef31eaef0043e0002c43850ebd5d5b4c1e5a06fe0ae435331c20b72bb88bcd48fd46af8602f58e53567fe508ede8c4afa518d48894a6cda4049698e3c156d46
-
SSDEEP
12288:1x3MopUon7IMwM8EzwllEoWo6ACRSABfUnGTRpHdfW5BDwYRfi+dHo3hmdiy3Z7c:k6ACRSuU8h9WPxHo3kTlc
Static task
static1
Behavioral task
behavioral1
Sample
65c72bf3dc1578f9c05bb413361e327e87061051f906e8f77b4b9a4a4364cb26.exe
Resource
win7-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mktron.in
Port: 587
Username: [email protected]
Password: VZZUQXTDyMCZ
Email To: [email protected]
The sample exfiltrates harvested data by authenticating to this SMTP submission server (port 587) with the listed mailbox credentials and mailing it to the recipient above. The addresses are reproduced exactly as the report prints them.
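The SMTP settings above map directly onto network detection. The Python below is an added example, not part of the sandbox report or of the Agent Tesla code: it parses the extracted config into an IOC record and hunts for the exfiltration channel in a few constructed egress-log lines. The log format, source addresses and the other hostnames are made up for the example; the config values are the ones printed above, addresses kept exactly as they appear.

```python
"""Turn the extracted Agent Tesla SMTP config into IOCs and hunt for the
exfiltration channel in egress logs.  Added example; the log lines below
are constructed, not real traffic."""
import re
from dataclasses import dataclass

# Config values as printed in the report (addresses kept exactly as shown).
CONFIG_TEXT = """\
Protocol: smtp
Host: mail.mktron.in
Port: 587
Username: [email protected]
Password: VZZUQXTDyMCZ
Email To: [email protected]
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' lines; keys are normalised to snake_case."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower().replace(" ", "_")] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
        email_to=fields["email_to"],
    )


def network_iocs(cfg: SmtpExfilConfig) -> set[str]:
    """Indicators safe to put on a blocklist: the host and host:port.
    The mailbox credentials are deliberately NOT included."""
    return {cfg.host, f"{cfg.host}:{cfg.port}"}


# Constructed egress log in a hypothetical key=value format: one workstation
# talks to the C2 mailbox on the configured port and later on port 25.
SAMPLE_EGRESS_LOG = """\
2022-12-06T10:01:12Z src=10.0.5.23 dhost=outlook.office365.com dport=443 app=tls
2022-12-06T10:01:40Z src=10.0.5.23 dhost=mail.mktron.in dport=587 app=smtp
2022-12-06T10:02:03Z src=10.0.5.9 dhost=smtp.gmail.com dport=587 app=smtp
2022-12-06T10:02:55Z src=10.0.5.23 dhost=MAIL.MKTRON.IN dport=25 app=smtp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dhost=(?P<dhost>\S+) "
    r"dport=(?P<dport>\d+) app=(?P<app>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dhost: str
    dport: int
    confidence: str  # "high" = host and port match, "medium" = host only


def find_exfil(cfg: SmtpExfilConfig, log_text: str) -> list[Hit]:
    """Flag every connection to the configured host.  A port mismatch is
    still reported: operators change ports more often than mailboxes."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        dhost = m["dhost"].lower()  # hostnames are case-insensitive
        if dhost != cfg.host:
            continue
        dport = int(m["dport"])
        confidence = "high" if dport == cfg.port else "medium"
        hits.append(Hit(m["ts"], m["src"], dhost, dport, confidence))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(sorted(network_iocs(cfg)))
    for hit in find_exfil(cfg, SAMPLE_EGRESS_LOG):
        print(hit)
```

The username and password are the attacker's drop mailbox, not something to reuse or log into; the actionable output is the host/port pair for blocking and the source addresses that contacted it, which identify infected machines. The lookup is exact-host only on purpose: a sandbox-extracted config is a precise indicator, and widening it (all port 587 traffic from workstations) is a separate, noisier hunt.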
Targets
-
Target
65c72bf3dc1578f9c05bb413361e327e87061051f906e8f77b4b9a4a4364cb26
(size and hashes as listed under General)
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer (keylogging, browser and mail-client credential theft) written for .NET; the sandbox classification of "Visual Basic" refers to VB.NET.
-
Looks for VirtualBox Guest Additions in registry
The Guest Additions key exists only inside a VirtualBox guest, so reading it is a common sandbox/VM check.
-
Looks for VMWare Tools registry key
Likewise, the VMware Tools key is present only on VMware guests.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
Outlook profile keys hold account settings and saved mail credentials, a standard credential-theft target.
-
Adds Run key to start application
Persistence: a value under the Run key relaunches the sample at each logon.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is a typical step of process hollowing and similar code injection.
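The registry-based signatures above each correspond to a well-known key path. The Python below is an added example, not part of the report or of any sandbox's signature engine: it encodes the key path each signature is assumed to check (the mapping is mine, not one stated on the page) and matches those against constructed registry telemetry in a Sysmon-like key=value format, distinguishing a write to the Run key from a mere read so that Explorer's normal reads do not fire the persistence signature. The SetThreadContext signature is an API-level indicator and is not covered here.

```python
"""Match Sysmon-style registry telemetry against the behavioural signatures
in the report.  Added example; the key paths are an assumed mapping for each
signature and the event lines are constructed."""
import re

# Operations that count for a signature.  Reads of the Run key are normal
# (Explorer enumerates it); only a write there is persistence.
READ = {"openkey", "queryvalue"}
WRITE = {"setvalue", "createkey"}

# (signature name, regex over the key path, operations that count)
SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I), READ),
    ("Looks for VMWare Tools registry key",
     re.compile(r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I), READ),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I), READ),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I), READ),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Office\\\d+\.\d+\\Outlook\\Profiles"
                r"|\\Windows Messaging Subsystem\\Profiles", re.I), READ),
    ("Adds Run key to start application",
     re.compile(r"\\Windows\\CurrentVersion\\Run\\", re.I), WRITE),
    ("Maps connected drives based on registry",
     re.compile(r"\\Services\\Disk\\Enum", re.I), READ),  # assumed key
]

CATEGORIES = {
    "sandbox/VM evasion": {
        "Looks for VirtualBox Guest Additions in registry",
        "Looks for VMWare Tools registry key",
        "Checks BIOS information in registry",
        "Maps connected drives based on registry",
    },
    "geofencing": {"Checks computer location settings"},
    "credential access": {"Accesses Microsoft Outlook profiles"},
    "persistence": {"Adds Run key to start application"},
}

EVENT_RE = re.compile(
    r"^pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\w+) key=(?P<key>.+)$"
)

# Constructed events: sample.exe does everything the report lists;
# explorer.exe only reads the Run key and must not trigger persistence.
SAMPLE_EVENTS = r"""pid=2144 image=C:\Users\user\Desktop\sample.exe op=OpenKey key=HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
pid=2144 image=C:\Users\user\Desktop\sample.exe op=OpenKey key=HKLM\SOFTWARE\VMware, Inc.\VMware Tools
pid=2144 image=C:\Users\user\Desktop\sample.exe op=QueryValue key=HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
pid=2144 image=C:\Users\user\Desktop\sample.exe op=QueryValue key=HKCU\Control Panel\International\Geo\Nation
pid=2144 image=C:\Users\user\Desktop\sample.exe op=OpenKey key=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
pid=2144 image=C:\Users\user\Desktop\sample.exe op=SetValue key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\sample
pid=2144 image=C:\Users\user\Desktop\sample.exe op=QueryValue key=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0
pid=804 image=C:\Windows\explorer.exe op=QueryValue key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
"""


def parse_events(text: str) -> list[dict]:
    """Parse key=value event lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append({"pid": int(m["pid"]), "image": m["image"],
                           "op": m["op"].lower(), "key": m["key"]})
    return events


def match_signatures(text: str) -> dict[str, list[tuple[str, str]]]:
    """Return {signature: [(image, key), ...]} for every event that fires it."""
    fired: dict[str, list[tuple[str, str]]] = {}
    for ev in parse_events(text):
        for name, pattern, ops in SIGNATURES:
            if ev["op"] in ops and pattern.search(ev["key"]):
                fired.setdefault(name, []).append((ev["image"], ev["key"]))
    return fired


def summarize(fired: dict) -> dict[str, list[str]]:
    """Collapse fired signatures into tactic buckets for a triage verdict."""
    return {cat: sorted(n for n in names if n in fired)
            for cat, names in CATEGORIES.items()}


if __name__ == "__main__":
    fired = match_signatures(SAMPLE_EVENTS)
    for name, evidence in fired.items():
        print(name, "<-", evidence[0][1])
    print(summarize(fired))
```

Four distinct evasion checks plus a geofence lookup before any payload activity is itself a strong signal in live telemetry, independent of the family: the summary buckets make that pattern visible even when no single key read is suspicious on its own.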