General
- Target: Product List.exe
- Size: 564KB
- Sample: 210223-1v53ngg6lj
- MD5: df1a8e7ffa630db4a9fa38abaec4c0d2
- SHA1: 19077607d6f6951499783faec6f1722cb9b2c077
- SHA256: 8174806d6bbe5f5c713a2a860c36b22d3efe8c7effeb0284bb23de5a9fe68d26
- SHA512: 7e7c2e8d94afae614291a9add08ee21ec1d0045ed30f0912a1572aa0d4090a214de0ac669cdb0f87a7bba35e9ca82fd5aaabe88871c1f5567ba2c3fb26262973
Static task
- static1
Behavioral task
- behavioral1
- Sample: Product List.exe
- Resource: win7v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: at.engineering
- Port: 587
- Username: kristle@at.engineering
- Password: ATE@2019
Targets
- Target: Product List.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext