General

Target: BlamFREE.exe
Size: 5.1MB
Sample: 240610-fqrgdscd8v
MD5: 34c616e5aecef6d5e8eb159bfb64a3a5
SHA1: 3ac025952ba48b9415c544af3a6debf25292e1bd
SHA256: aa412178ead22a7b200d0375a8cf986e19bac59b54ee8fb08d3a9d74127eefe9
SHA512: 6a574bd2962045173ba7306131284d3b0121b1be849a8a4fa455bdeb04d44f950c8207161b0e1160c43c45f1950e19adf59c9c1e0aaf6188d56a6132b0e4e28e
SSDEEP: 98304:RZNKkmUI4/speViXUmhQIhgO9xlt5kL2/UrBsfiYvlyaiMm5mBTQwJin3:xKkmUIrFUmCIzltz/SmdcMmgpQiin3
Malware Config

Targets

Target: BlamFREE.exe
Size: 5.1MB
MD5: 34c616e5aecef6d5e8eb159bfb64a3a5
SHA1: 3ac025952ba48b9415c544af3a6debf25292e1bd
SHA256: aa412178ead22a7b200d0375a8cf986e19bac59b54ee8fb08d3a9d74127eefe9
SHA512: 6a574bd2962045173ba7306131284d3b0121b1be849a8a4fa455bdeb04d44f950c8207161b0e1160c43c45f1950e19adf59c9c1e0aaf6188d56a6132b0e4e28e
SSDEEP: 98304:RZNKkmUI4/speViXUmhQIhgO9xlt5kL2/UrBsfiYvlyaiMm5mBTQwJin3:xKkmUIrFUmCIzltz/SmdcMmgpQiin3
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer (keylogging, credential theft from browsers and mail clients) written in .NET, originally in Visual Basic .NET.
AgentTesla payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
  A VirtualBox guest publishes its ACPI tables under HKLM\HARDWARE\ACPI\ (DSDT, FADT, RSDT) with the OEM ID VBOX__; a process opening those keys is checking whether it runs inside VirtualBox.
Checks BIOS information in registry
  BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, because virtual machines report their hypervisor's BIOS strings there.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from generating debug events, so an attached debugger loses visibility of it (anti-debug).
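The three evasion signatures above (VirtualBox ACPI keys, BIOS registry reads, ThreadHideFromDebugger) are all derived from API and registry events the sandbox hooks. The following is an added example, not code from the Triage report or from the Agent Tesla sample, showing how such signatures can be implemented as rules over an API trace. The trace events are constructed; the registry paths and the THREADINFOCLASS value 0x11 come from public Windows and VirtualBox behaviour, and the "VBOX   - 1" BIOS string is used as an assumed example of what a VirtualBox guest returns.

```python
"""Sandbox-style signature rules over a constructed API trace (added example)."""
import re
from dataclasses import dataclass

# THREADINFOCLASS ThreadHideFromDebugger = 17 (0x11). Once set on a thread,
# that thread stops producing debug events for an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# A VirtualBox guest exposes ACPI tables whose OEM ID is "VBOX__" under these keys.
ACPI_VBOX_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)

# BIOS strings that anti-sandbox code commonly reads; a VM reports its hypervisor here.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
VM_BIOS_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen")


@dataclass(frozen=True)
class Event:
    api: str    # API name as an API-monitor hook would log it
    args: dict  # decoded arguments (keys are assumptions for this example)


def sig_virtualbox_acpi(events):
    """Signature: Identifies VirtualBox via ACPI registry values."""
    return [e for e in events
            if e.api.startswith("RegOpenKeyEx")
            and ACPI_VBOX_RE.match(e.args.get("key", ""))]


def sig_bios_registry_check(events):
    """Signature: Checks BIOS information in registry."""
    return [e for e in events
            if e.api.startswith("RegQueryValueEx")
            and e.args.get("key", "").lower() == BIOS_KEY.lower()
            and e.args.get("value", "").lower() in BIOS_VALUES]


def bios_data_reveals_vm(data):
    """True if the data the sample read back would actually expose a VM."""
    lowered = data.lower()
    return any(marker in lowered for marker in VM_BIOS_MARKERS)


def sig_hide_from_debugger(events):
    """Signature: Suspicious use of NtSetInformationThreadHideFromDebugger."""
    return [e for e in events
            if e.api == "NtSetInformationThread"
            and e.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER]


RULES = {
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": sig_virtualbox_acpi,
    "Checks BIOS information in registry": sig_bios_registry_check,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger,
}


def match_signatures(events):
    """Return {signature name: matching events} for every rule that fired."""
    return {name: hits for name, rule in RULES.items() if (hits := rule(events))}


# Constructed trace: what a monitor might log for a sample doing these checks.
# It is not taken from the BlamFREE.exe report.
SAMPLE_TRACE = [
    Event("RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}),
    Event("RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event("RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\FADT\VBOX__"}),
    Event("RegQueryValueExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
                               "value": "SystemBiosVersion", "data": "VBOX   - 1"}),
    Event("NtSetInformationThread", {"ThreadHandle": -2, "ThreadInformationClass": 0x11}),
    Event("NtSetInformationThread", {"ThreadHandle": -2, "ThreadInformationClass": 0x0F}),
]

if __name__ == "__main__":
    for name, hits in match_signatures(SAMPLE_TRACE).items():
        print(f"[+] {name}: {len(hits)} event(s)")
    for e in sig_bios_registry_check(SAMPLE_TRACE):
        print("    BIOS read would reveal a VM:", bios_data_reveals_vm(e.args.get("data", "")))
```

The rules deliberately fire on the access itself, not on what was returned: a sample checking for VirtualBox is suspicious whether or not it is currently running in one. `bios_data_reveals_vm` is the separate question of whether the sandbox's own hardware strings would have given it away, which is what you tune when the sample bails out before reaching its payload.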