General
- Target: peak.exe
- Size: 3.7MB
- Sample: 240328-rvffgahe68
- MD5: eebe3fd6720cabdc477076f054829907
- SHA1: f6056e84297b63c4cdaa5646697492d5705c9080
- SHA256: 7156621a3971908023b30ff150f96f72e9cd757dd0be4b514721c0e688c845cb
- SHA512: 00572e876baa9884e11875e3ef1e4d39a793c1165ffa5c98d8a753c1257f38791fda178483e0693826eff02cba7e8e0ae4b8a979bc505ab33ba763b002c72261
- SSDEEP: 98304:6wyZ0Cj88wMfPwozf3xdhdFUkGETCyukykgV8ja:699bftT3vhA4CyakgV8O
Static task: static1
Behavioral task: behavioral1
- Sample: peak.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: peak.exe
- Size: 3.7MB
- MD5: eebe3fd6720cabdc477076f054829907
- SHA1: f6056e84297b63c4cdaa5646697492d5705c9080
- SHA256: 7156621a3971908023b30ff150f96f72e9cd757dd0be4b514721c0e688c845cb
- SHA512: 00572e876baa9884e11875e3ef1e4d39a793c1165ffa5c98d8a753c1257f38791fda178483e0693826eff02cba7e8e0ae4b8a979bc505ab33ba763b002c72261
- SSDEEP: 98304:6wyZ0Cj88wMfPwozf3xdhdFUkGETCyukykgV8ja:699bftT3vhA4CyakgV8O
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.