General
- Target: 29f792839c38af93ae576b6260ac43e8_JaffaCakes118
- Size: 559KB
- Sample: 240329-xgp1msfh55
- MD5: 29f792839c38af93ae576b6260ac43e8
- SHA1: c30645475fdcde42e8bf5211f0948ceccfa678ee
- SHA256: 7955200ffc3c887f2f0c65bb4b022bd910d6be472e44bdeab4285231b074eb3d
- SHA512: cda1b5bee7b127a11e707353f3f94a8d495cc25edca2bde89f70d2c94e9738aedc17f27d3579e51380570a2eb219ae0fa9996a9e8796b883b1d903cd286673dc
- SSDEEP: 12288:xSs2hAl+aBSRvSDEMwrhoyhtK0r4JM0tyYluw2p8sLxar1Tw:sXAlxY2EMaWyKY4D72p8AarS
Static task: static1
Behavioral task: behavioral1
- Sample: gwOALTMShW0g0JN.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: gwOALTMShW0g0JN.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.polastarline.com
- Port: 587
- Username: [email protected]
- Password: donblack12345
Targets
- Target: gwOALTMShW0g0JN.exe
- Size: 713KB
- MD5: 707621bacd32d4ab21b17157216d3032
- SHA1: 2318a47d090ab212c924814da86488130f7d8b2c
- SHA256: 29286d65248d0005ca9c13110d5563b892150291ff16086b29938050a746251f
- SHA512: 5dabd58015ea9534e35a43114eb145c4b73e0c2f778ac8b5f0d150e2b58961b49f104b8cca4e07d1ad434ee7903fd987a9b80d72b6b738640629d11d19dcc5d6
- SSDEEP: 12288:YFhvyUi0gu1EMwvhsyhpK8t4BU+fyuZuwkp8sL3cr13q:YLqUigEMEey604hzkp8UcrA
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext