General
-
Target
file
-
Size
176KB
-
Sample
240522-2y7z1acc98
-
MD5
beea526c04bd21a7f0022a826bd6b96c
-
SHA1
61ed1bd1ca9059f0f1f77b8fe99595cfaf1ed52d
-
SHA256
3f07778f987fe85d9fd96e1437a1cabee3fe806d198577f494a3acdb4a484ab8
-
SHA512
6fd63736145aed940b0a152320634eeaef1bfa41d17ff853de3ec6d49bc3bb2898900ad8181c6f66ba7710848171347909cedc1eeefbee2716451d782e52085f
-
SSDEEP
1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/Rl3317TzkeH:tiKgAkHnjPIQ6KSEX/OHmp4kq4
Malware Config
Targets
-
-
Target
file
-
Size
176KB
-
MD5
beea526c04bd21a7f0022a826bd6b96c
-
SHA1
61ed1bd1ca9059f0f1f77b8fe99595cfaf1ed52d
-
SHA256
3f07778f987fe85d9fd96e1437a1cabee3fe806d198577f494a3acdb4a484ab8
-
SHA512
6fd63736145aed940b0a152320634eeaef1bfa41d17ff853de3ec6d49bc3bb2898900ad8181c6f66ba7710848171347909cedc1eeefbee2716451d782e52085f
-
SSDEEP
1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/Rl3317TzkeH:tiKgAkHnjPIQ6KSEX/OHmp4kq4
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Downloads MZ/PE file
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-