General
-
Target
9c6355d9e45cf0878ba3bd4f56fee240N.exe
-
Size
3.3MB
-
Sample
240727-gle38szhjl
-
MD5
9c6355d9e45cf0878ba3bd4f56fee240
-
SHA1
b031fc93603909bdbca5ab38465dbac196b93847
-
SHA256
99953ce97352b37ba4549e793e3e4b3eb96ac44f2c12b9dc448676e6beb2521e
-
SHA512
be83890c2a128b35c228cd5727b9b76e71ad278a6b98e6a40b96023e8931d10fa9618af37200d04450eaeb0055c3c97b974e49033fab2eba336bd3f1d3b60807
-
SSDEEP
49152:xYvIu9Cv2zu9pmANQ8klA+2vHgo28UOzIcCV/0O5PqlykUCsC9k+jcCC1M:xYvbwjK6jUQId/LoyUkVM
Malware Config
Targets
-
-
Target
9c6355d9e45cf0878ba3bd4f56fee240N.exe
-
Size
3.3MB
-
MD5
9c6355d9e45cf0878ba3bd4f56fee240
-
SHA1
b031fc93603909bdbca5ab38465dbac196b93847
-
SHA256
99953ce97352b37ba4549e793e3e4b3eb96ac44f2c12b9dc448676e6beb2521e
-
SHA512
be83890c2a128b35c228cd5727b9b76e71ad278a6b98e6a40b96023e8931d10fa9618af37200d04450eaeb0055c3c97b974e49033fab2eba336bd3f1d3b60807
-
SSDEEP
49152:xYvIu9Cv2zu9pmANQ8klA+2vHgo28UOzIcCV/0O5PqlykUCsC9k+jcCC1M:xYvbwjK6jUQId/LoyUkVM
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-