General
Target: 075f05a22016cc966565d0a43edb434dafd851284b574ba234163e00268ce6ab
Size: 3.3MB
Sample: 240422-w5he2aef51
MD5: d21be82ff68e2f40975edb49b8f8721e
SHA1: 1f8e57a00e5f292650755f973ade6e9a069f98aa
SHA256: 075f05a22016cc966565d0a43edb434dafd851284b574ba234163e00268ce6ab
SHA512: 20e83c68650091b9769d4167e969840f89c2278a0706813957c0cd676ca5e6f6ac50ecbedf6fa1ef5fa5e97b8f2c1390747f134056c5c042065b19ecd33b6177
SSDEEP: 49152:QVCzQ9v/CximWcAx4yfs0IKaU6TpSaXaZVm7MGE3vIkIDh2wlHt6N/aMpeC:6CzQe/WVsHtUspj7JE3vIkIDswlM

Static task: static1
Behavioral task: behavioral1
Sample: 075f05a22016cc966565d0a43edb434dafd851284b574ba234163e00268ce6ab.exe
Resource: win7-20240221-en
Malware Config
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Detects executables manipulated with Fody
- Detects executables packed with Agile.NET / CliSecure
- Detects executables packed with Babel
- Detects executables packed with Dotfuscator
- Detects executables packed with Goliath
- Detects executables packed with SmartAssembly
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.