General

- Target: Mars.exe
- Size: 7.5MB
- Sample: 240423-3zrvvach99
- MD5: 9a33f57b10f596434250189e0256c478
- SHA1: cdb0cb462d096e89edebcd928b7b400d3d91f0db
- SHA256: 2f197a7f01a432bd63fb008e8b005c6eeb4db0df80284ce9d9756b31942ea4fb
- SHA512: 22e672e74a535bfb0571e6751ccd16ecfed047957838a5481fb4907ab564b6fa04fc5265a915904f6dba81b82419b60ebaa85d17b8f5daaaaea814bec482e13c
- SSDEEP: 196608:ot3HZCNIAJWh3fl3Y1WgqyXZBjPet3PbUy33ky:CcgP4WgqwPetbZ
Malware Config
Targets
- Target: Mars.exe (same file and hashes as listed under General)
AgentTesla

Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:

- AgentTesla payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger