General
Target: 3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f.exe
Size: 469KB
Sample: 221208-ns2ddahh28
MD5: 9cd5ea2d2fdc3f6a69d0c87be7a64c22
SHA1: 62b83c1c2f82185f2f62918e7b34d477c43b5fdc
SHA256: 3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f
SHA512: d4fe9b5b75b804b9ea9851a05f37b9f79cccf545e53c2c1e387bd1f69c31e2e84886796a5e4aa910744abd1121b76db055ec504ffc5652264b54799ebb7ebfbe
SSDEEP: 12288:SIkGAjyp8qqxzmWnwsXz9L2xRmfipJ19SHWFH8Pmrb:SIkGAmDq5mWwsXZeRmkogH8Pm3
Static task: static1
Behavioral task: behavioral1
  Sample: 3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot5482315235:AAGwacbjVLMaBQENAXUuPyVg-cvhlK0vn-w/
Targets
Target: 3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f.exe
Size: 469KB
MD5: 9cd5ea2d2fdc3f6a69d0c87be7a64c22
SHA1: 62b83c1c2f82185f2f62918e7b34d477c43b5fdc
SHA256: 3e88c09381a0adaafc96b14317c7bad84ff62380bb4bb220ca618153b2a29b5f
SHA512: d4fe9b5b75b804b9ea9851a05f37b9f79cccf545e53c2c1e387bd1f69c31e2e84886796a5e4aa910744abd1121b76db055ec504ffc5652264b54799ebb7ebfbe
SSDEEP: 12288:SIkGAjyp8qqxzmWnwsXz9L2xRmfipJ19SHWFH8Pmrb:SIkGAmDq5mWwsXZeRmkogH8Pm3
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext