General
-
Target
abc25bebac98ea131ee3197ca6c68e52c376d6aa8228e09aa6c9fab636a88f99.exe
-
Size
905KB
-
Sample
221207-q6egwafa93
-
MD5
4c2b147d3cfd4c3e446101690536eb84
-
SHA1
b312792fd8ad230aefec259161cdc052aa1ab3a6
-
SHA256
abc25bebac98ea131ee3197ca6c68e52c376d6aa8228e09aa6c9fab636a88f99
-
SHA512
e76808bc82dbeb7ee36894e3c21efd73356df2bfc18b450dbf63187e63ed6284dd8ec66ad35351c7538b84914eb23fa7e7536097fafbcac725574e41b07e69ab
-
SSDEEP
24576:vaejZnbCkIGnG3ch9YoWbT09oxRwjlaaBXeAv:CejZnbCkIGnrr/W/cFeA
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
@VintaGE319#@Nh# - Email To:
[email protected]
Targets
-
-
Target
abc25bebac98ea131ee3197ca6c68e52c376d6aa8228e09aa6c9fab636a88f99.exe
-
Size
905KB
-
MD5
4c2b147d3cfd4c3e446101690536eb84
-
SHA1
b312792fd8ad230aefec259161cdc052aa1ab3a6
-
SHA256
abc25bebac98ea131ee3197ca6c68e52c376d6aa8228e09aa6c9fab636a88f99
-
SHA512
e76808bc82dbeb7ee36894e3c21efd73356df2bfc18b450dbf63187e63ed6284dd8ec66ad35351c7538b84914eb23fa7e7536097fafbcac725574e41b07e69ab
-
SSDEEP
24576:vaejZnbCkIGnG3ch9YoWbT09oxRwjlaaBXeAv:CejZnbCkIGnrr/W/cFeA
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-