General
Target: 159d36349345ca52724710b6225081ec3670c3e0aa16fa682d1d7deb4a427614
Size: 3.4MB
Sample: 240428-bjn1gacf23
MD5: 82e2f43ee7b3db45b0d94d573d25d387
SHA1: 35dbdcfdebf8589a447980c2208afa168c156a1e
SHA256: 159d36349345ca52724710b6225081ec3670c3e0aa16fa682d1d7deb4a427614
SHA512: 1c6f75f7cbc75e13e0006eb7e776d0d5e58e9fe8f5ef82b823e2fef1f9716fd4fb24b7dcbdf4f66d2246883b3ff344d4cbc0bb6d8d3d38bf84edc1986329b7e6
SSDEEP: 98304:2YPJLnwy50Q3E9prX6emNXjjP+8+fuj49yREFc:rPJD2QGrX6eOP9GpAREFc
Behavioral task: behavioral1
Sample: 159d36349345ca52724710b6225081ec3670c3e0aa16fa682d1d7deb4a427614.exe
Resource: win7-20240215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.grandanatoliahotel.com
Port: 587
Username: [email protected]
Password: rruuggeedd12.Z
Email To: [email protected]
Targets
Target: 159d36349345ca52724710b6225081ec3670c3e0aa16fa682d1d7deb4a427614
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger