General

Target: 01273b2573e62ff5f168823ab8e810f579ac9e60fa52b3b6b52964909adbf4fb.exe
Size: 1.0MB
Sample: 221208-pyg3csda3x
MD5: 7e17cb19dfe0c10bae93925843e3d565
SHA1: 333a1965265b1979f58ed99e01ce9d29af349e04
SHA256: 01273b2573e62ff5f168823ab8e810f579ac9e60fa52b3b6b52964909adbf4fb
SHA512: 572ce685c3fcd03f9840771c12019a2937e0c109d5113a7d8b98b469859afdf5c6de2ab36151aee6bf430cccaf79d380bce60fa7a5919a910259b9e07c7a5f03
SSDEEP: 12288:3Ye7Vh2iNUsZ1DX/VDJEQwS59ZdofK0vcsrDi1+3cSqFBaoX4ozuUsxtCT4OYFok:R1uv8jEK00sRclFBadnUsxt9y2qdOB
Static task: static1

Behavioral task: behavioral1
Sample: 01273b2573e62ff5f168823ab8e810f579ac9e60fa52b3b6b52964909adbf4fb.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 01273b2573e62ff5f168823ab8e810f579ac9e60fa52b3b6b52964909adbf4fb.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: madina@eliteshomecollection.com
Password: @VintaGE319#@Nh#
Email To: elite@eliteshomecollection.com
Targets

Target: 01273b2573e62ff5f168823ab8e810f579ac9e60fa52b3b6b52964909adbf4fb.exe (size and hashes identical to the General section above)

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext