General
- Target: file
- Size: 176KB
- Sample: 240523-af1pesed49
- MD5: 6bc5d3a03c1743a427da3619a602b852
- SHA1: f5c61c9b60b9009b015c89e4f1d8ae8f7bb545ab
- SHA256: 1dac9bf886bee2e9d288c39d1cd1e3d8507a923c63786a31342ea95f94808dc3
- SHA512: 060093bde4373d6b114ee196418878dd08da2de3d0a345d57ad9ab0b8fae4a8a855fe59bc7c597b2792c6498b9e3dede699b401ded222101d60d799a8aeefdf9
- SSDEEP: 1536:titCl50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/xl3217Tzkeq:tiKgAkHnjPIQ6KSEX/5Hm/4Kz4
Static task
static1
Malware Config
Targets
-
-
Target
file
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-