General
-
Target
Legacy IV - V1.1.exe
-
Size
3.0MB
-
Sample
240916-l3s4ms1gke
-
MD5
a615213f1160b542f885be5fe2f0e807
-
SHA1
8ef48ff19450fa65bce8ca82188ef61a8551b7ad
-
SHA256
5fdebcc9fecc2084617bbd9fd2f55e7844f85ae16bcc8531edb5a92442e2eb58
-
SHA512
f1af7653724c363e9aca4bd75476c13e0976bf7b21314936c5250c436bf8f56bfb307e64e34e0c277873a63d2a91e3f440d449e285fde7f9dc9a277f694de1fd
-
SSDEEP
49152:X3c/GqhV0aC1jfMQ+ScvKp//dNbo4mDpt5GOQUiLVCiM+bqFsz6Z2g3VHqnVD:Xs/GnaC9MzScvK5/dQXdAUbEVXgFHq
Static task
static1
Behavioral task
behavioral1
Sample
Legacy IV - V1.1.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
Legacy IV - V1.1.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-