General

  • Target

    Legacy IV - V1.1.exe

  • Size

    3.0MB

  • Sample

    240916-l3s4ms1gke

  • MD5

    a615213f1160b542f885be5fe2f0e807

  • SHA1

    8ef48ff19450fa65bce8ca82188ef61a8551b7ad

  • SHA256

    5fdebcc9fecc2084617bbd9fd2f55e7844f85ae16bcc8531edb5a92442e2eb58

  • SHA512

    f1af7653724c363e9aca4bd75476c13e0976bf7b21314936c5250c436bf8f56bfb307e64e34e0c277873a63d2a91e3f440d449e285fde7f9dc9a277f694de1fd

  • SSDEEP

    49152:X3c/GqhV0aC1jfMQ+ScvKp//dNbo4mDpt5GOQUiLVCiM+bqFsz6Z2g3VHqnVD:Xs/GnaC9MzScvK5/dQXdAUbEVXgFHq

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
