General

Target: 2bb40a42d7233c024c932d9f837e5781fd561e265406c788380896786b3c1608
Size: 677KB
Sample: 240522-bwl2msgc2x
MD5: b6edf1a9c6c7803003182ae065a93585
SHA1: fda610a9c5eae704581247442c005912d62cdc32
SHA256: 2bb40a42d7233c024c932d9f837e5781fd561e265406c788380896786b3c1608
SHA512: 4d2089cea95b1f45246b80a197c9ba16034006b796a13514cca0c8539322b7f513183601b92a69e48796e01ffbf5e23d59f5bfb27349299957773ab9853c3849
SSDEEP: 12288:mI5ngiPVKgbIPKWez9UP/J7zdmXltfeLzxvXUBtHgYTomar:7nxK7PtAm/dzzLdv9Fr
Static task: static1
Behavioral task: behavioral1
Sample: 2bb40a42d7233c024c932d9f837e5781fd561e265406c788380896786b3c1608.exe
Resource: win7-20240419-en

Malware Config

Extracted: agenttesla
https://api.telegram.org/bot7168430181:AAE4XS0ePQeF2h4qrehtp2YVoyJ1LF1-SoQ/
Targets

Target: 2bb40a42d7233c024c932d9f837e5781fd561e265406c788380896786b3c1608

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks for VirtualBox Guest Additions in registry
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (4)
- Virtualization/Sandbox Evasion (2)