General
- Target: SecuriteInfo.com.Win32.MalwareX-gen.12374.8764.exe
- Size: 3.1MB
- Sample: 240222-nh9xrsgd21
- MD5: 38efd309bef8f9d5e339b48fe5c71672
- SHA1: 997e2fd2c0374cc5c151910e6639fe1833bb4403
- SHA256: 8af02548debe64b5b38f97d8b066e193cb1dbbf605939ca71271164847b8de85
- SHA512: 0cb298995b8096675397cfcc264afe2477f97ba57df3198b2dd84748811954c0beeb0e87451c261cbb8e59afc47e98cc558e63d03ef990ddf9044fde4d67ffda
- SSDEEP: 49152:2+PsGH0UVM+0LJ/SRHwGckleJU/U5A50K2rpn3VQdxPYneabOIc0/S7jU0h2OGoc:RsGH0yKSfU5A50DRVF/S7w0DG5Wod
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.MalwareX-gen.12374.8764.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: SecuriteInfo.com.Win32.MalwareX-gen.12374.8764.exe
- Size: 3.1MB
- MD5: 38efd309bef8f9d5e339b48fe5c71672
- SHA1: 997e2fd2c0374cc5c151910e6639fe1833bb4403
- SHA256: 8af02548debe64b5b38f97d8b066e193cb1dbbf605939ca71271164847b8de85
- SHA512: 0cb298995b8096675397cfcc264afe2477f97ba57df3198b2dd84748811954c0beeb0e87451c261cbb8e59afc47e98cc558e63d03ef990ddf9044fde4d67ffda
- SSDEEP: 49152:2+PsGH0UVM+0LJ/SRHwGckleJU/U5A50K2rpn3VQdxPYneabOIc0/S7jU0h2OGoc:RsGH0yKSfU5A50DRVF/S7w0DG5Wod
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.