General
Target: REX_Obfuscator.rar
Size: 3.1MB
Sample: 240326-kgla8sec99
MD5: f162d62f61055f2bfb7dd35a60265502
SHA1: 808a61bcbbea08359fa8b5767a64ecf49fd74895
SHA256: e3f18448db706644cd729bf5be9d94dd322cf4d00f439a9ca0b1768afb1de9d9
SHA512: a659dc4253cb31c43582d6d289775dc0f15bd346f198fd5a7d406db2d808193a5352c19a9218d995495967f56d59e7391732c8b7ff5337c5b097146c90a05d32
SSDEEP: 98304:V/EBAJEKyDruwrL5bjJOYHHoUZo55JtQ/5knvxz4:xSKoruItjJOoHo35NSOJz4
Static task
static1
Malware Config
Targets
Target: REX Obfuscator.exe
Size: 4.1MB
MD5: 6b5501b9e9a8ca4e53b3ea6f0d0f1db9
SHA1: 19df7d4b6aabf5d72d3ffe89e4ec130ff1001124
SHA256: f3a45fdc397b1eec7c45664681d566cb68d36701c1f1754ddc2dcb9a439a70f8
SHA512: 3970a9e72dcaf82acf0a32c2bceb3ab2bb87614d79e893a318fbc5971f41a310911037ce5c4081aaebb7084ba9747a5d8a020ac8032fbfc8c1c1aabaf6b888a9
SSDEEP: 49152:kUUd3LmqgfVwPns0hPEwNYRjLDtAgEGiSKbKmdQxrOL79l523xLJcIF:kUUd3L9gt2h8IYRjL5AHFSKO5g9l520g
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.