General
-
Target
无害_protected.exe
-
Size
6.4MB
-
Sample
240629-grqrxsscpc
-
MD5
617d7e84ac9e7c4cbedba55ced5bb5a2
-
SHA1
2d9b72a58083cd74f4bd807d01cf184d65f07af7
-
SHA256
d034874dfb3d1ee5a2a8c7cff1959c9a02c5b3c812e9dba87690faee7a5205fa
-
SHA512
4dfe2970dc80d6f7bcbfa224403b688c6d01f5d72c898e601da95f1189b81451dac51d55842348286dd28c2058748eb3ed28c4ad0a60cf472c3ed71867fdea2e
-
SSDEEP
98304:NL3DiZ2oVX3iK62RPbT14vInBQ1kyToUa+iXX+XlkUiYFH//yfpoG87UeibVcgl:N822bzuvIngkyTdS+XQYp/Spn879Lg
Behavioral task
behavioral1
Sample
无害_protected.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
无害_protected.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
无害_protected.exe
-
Size
6.4MB
-
MD5
617d7e84ac9e7c4cbedba55ced5bb5a2
-
SHA1
2d9b72a58083cd74f4bd807d01cf184d65f07af7
-
SHA256
d034874dfb3d1ee5a2a8c7cff1959c9a02c5b3c812e9dba87690faee7a5205fa
-
SHA512
4dfe2970dc80d6f7bcbfa224403b688c6d01f5d72c898e601da95f1189b81451dac51d55842348286dd28c2058748eb3ed28c4ad0a60cf472c3ed71867fdea2e
-
SSDEEP
98304:NL3DiZ2oVX3iK62RPbT14vInBQ1kyToUa+iXX+XlkUiYFH//yfpoG87UeibVcgl:N822bzuvIngkyTdS+XQYp/Spn879Lg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-