General
Target: SploitXE_BEta.rar
Size: 3.3MB
Sample: 240617-vhsf2swfke
MD5: 68f23738f5bf5e2612eb02d5e1526b8a
SHA1: f59898686617dab7a596f5c452e4a38d90b90449
SHA256: e9c4cdb578c440ae2f25590d9ad7b155ae309d4f0cdc67c1f9528e070b30fac9
SHA512: 3897abe5798c11bbe8ca45c59c1a73d055313bc41b42ef7feba9a504f01d7fa155d4a7b26193c51cbb1ccc245305ad71f7c900dbee15316261d09f997119bcb2
SSDEEP: 98304:oEc3CcFLpIlSZfA9l0N4MRpJ7BwsE60b81jvO:+lVugOlCRpJ7BwsEGZm
Behavioral task: behavioral1
Sample: SploitXE_BEta.rar
Resource: win7-20240508-en
Malware Config
Targets
Target: SploitXE_BEta.rar
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory