General
-
Target
ToX Premium Utility v2.2.exe
-
Size
16.0MB
-
Sample
240329-sh7jvsbf66
-
MD5
66c8c9ada0060c91c74387feedc9cd9b
-
SHA1
f50449be945321e9fdb8bd5844a33d979f28f98e
-
SHA256
b9c18ef61a449ae2b7a6a103544b7cd7f851039c2c9d660befbeb0bab40ace5d
-
SHA512
310b438512cfa0482cb20b6246b747c3aa513705a5ad6f3dc1ad01d7c60511ea08a6cd5120b8715992cd04f0526816062e734eb0026fce91df6f23334158ac40
-
SSDEEP
196608:6l5D6g1Bn5g5vNdrdvfHq1X2DbbDU+GiT2ByiZ0gxNm/5:6lccwfHvfHq1X2TIFiwxNmh
Static task
static1
Malware Config
Targets
-
-
Target
ToX Premium Utility v2.2.exe
-
Size
16.0MB
-
MD5
66c8c9ada0060c91c74387feedc9cd9b
-
SHA1
f50449be945321e9fdb8bd5844a33d979f28f98e
-
SHA256
b9c18ef61a449ae2b7a6a103544b7cd7f851039c2c9d660befbeb0bab40ace5d
-
SHA512
310b438512cfa0482cb20b6246b747c3aa513705a5ad6f3dc1ad01d7c60511ea08a6cd5120b8715992cd04f0526816062e734eb0026fce91df6f23334158ac40
-
SSDEEP
196608:6l5D6g1Bn5g5vNdrdvfHq1X2DbbDU+GiT2ByiZ0gxNm/5:6lccwfHvfHq1X2TIFiwxNmh
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-