Resubmission 03-12-2023 00:19
Sample 231203-amk8bage59 (score 10, General)
Target: SaturnX-F2.exe
Size: 2.9MB
Sample: 231203-amk8bage59
MD5: 406377b13d97be6601b006bd542ebed7
SHA1: 65a9cc706a89c0d0bd832ed0af5cb2b06826711c
SHA256: 2ab087bb4ed0cd582d516182549de9755c5972a8955cddaa95675e93610cb993
SHA512: 02c0143c6a8da45325dc3b912ae9b517d6007d55af6da9f35638bd9160693a8ec7d4b7794728d32eea93d42d8a0857f1d475489bd1e1daefb98639b0ea5bef84
SSDEEP: 49152:gxlRxlWfZ628CpyVEiUa5z8QE2j8e4go6oQhZsukz:gPRPWfM27b7e4go6xhZsD
Malware Config

Targets
Target: SaturnX-F2.exe (2.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed above)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer: it logs keystrokes, harvests stored credentials from browsers, mail and FTP clients, and exfiltrates the collected data over SMTP, FTP, HTTP or Telegram.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
  The Guest Additions key only exists inside a VirtualBox guest, so finding it tells the sample it is running in a virtual machine.
- Looks for VMware Tools registry key
  The VMware Tools key is only present on a VMware guest with the tools installed; its presence is used in the same way.
- Checks BIOS information in registry
  BIOS information (manufacturer, product and BIOS version strings) is often read in order to detect sandbox or virtual machine environments.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Maps connected drives based on registry
  Disk information (the enumerated drive identifier strings) is often read in order to detect sandbox or virtual machine environments.
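The four registry checks above are behaviour a defender can look for in a process trace. The following is an added example, not code from the sample, the sandbox or this report: a Python scanner over Procmon-style CSV output that maps registry reads to the report's signature names and flags processes that trip more than one of them. The registry paths are the locations these checks commonly target and are assumed here rather than taken from the report, and the log lines are constructed for the example (no real trace of the sample is used).

```python
"""Added example (not from the sample, sandbox or report): flag the anti-VM
registry reads described by the report's signatures in Procmon-style CSV.
Registry paths are assumed (the usual locations for these checks); the log
lines in SAMPLE_PROCMON_CSV are constructed for this example."""
import csv
import io
import re
from collections import defaultdict

# Report signature name -> pattern over the registry path. These paths are
# assumptions about where such checks commonly look, not extracted from the sample.
ANTI_VM_KEYS = {
    "Looks for VirtualBox Guest Additions in registry": re.compile(
        r"\\SOFTWARE\\(WOW6432Node\\)?Oracle\\VirtualBox Guest Additions", re.I),
    "Looks for VMware Tools registry key": re.compile(
        r"\\SOFTWARE\\(WOW6432Node\\)?VMware, Inc\.\\VMware Tools", re.I),
    "Checks BIOS information in registry": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)", re.I),
    "Maps connected drives based on registry": re.compile(
        r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", re.I),
}

# Only reads matter: the sample probes for existence, so a NAME NOT FOUND result
# on a clean host is just as telling as a SUCCESS inside a VM.
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Constructed Procmon CSV export layout; not a real trace of the sample.
SAMPLE_PROCMON_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"0:19:01.0000001","SaturnX-F2.exe","4120","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"0:19:01.0000002","SaturnX-F2.exe","4120","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"0:19:01.0000003","SaturnX-F2.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 26, Data: innotek GmbH"
"0:19:01.0000004","SaturnX-F2.exe","4120","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0","SUCCESS","Type: REG_SZ, Length: 60, Data: IDE\DiskVBOX_HARDDISK"
"0:19:01.0000005","SaturnX-F2.exe","4120","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\Users\user\Desktop"
"0:19:01.0000006","explorer.exe","1488","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName","SUCCESS","Type: REG_SZ, Length: 22, Data: VirtualBox"
"""


def scan_procmon_csv(text):
    """Return {process_name: {signature: [registry paths]}} for registry reads
    whose path matches one of the anti-VM patterns."""
    hits = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(text.strip())):
        if row["Operation"] not in REGISTRY_READ_OPS:
            continue
        for signature, pattern in ANTI_VM_KEYS.items():
            if pattern.search(row["Path"]):
                hits[row["Process Name"]][signature].append(row["Path"])
    return {proc: dict(sigs) for proc, sigs in hits.items()}


def triage(hits, min_signatures=2):
    """Processes that trip at least `min_signatures` distinct anti-VM signatures.
    A lone BIOS read is routine for inventory or licensing code, so the
    combination of checks, not any single key, is the useful signal."""
    return sorted(proc for proc, sigs in hits.items() if len(sigs) >= min_signatures)


if __name__ == "__main__":
    found = scan_procmon_csv(SAMPLE_PROCMON_CSV)
    for proc in triage(found):
        print(f"{proc}: {len(found[proc])} anti-VM signatures")
        for signature, paths in found[proc].items():
            print(f"  {signature}: {', '.join(paths)}")
```

On the constructed trace the sample process hits all four signatures while explorer.exe only reads a BIOS value, so the default threshold of two distinct signatures singles out SaturnX-F2.exe. The threshold is the tuning knob: lowering it to one will also surface legitimate hardware-inventory or licensing code that reads the BIOS keys.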