Overview

overview

10

Static

static

vbc.exe

windows7_x64

10

vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    816KB

  • Sample

    211025-pv7tlsgbe2

  • MD5

    f1119af41aa1a22ea18df0c7b51aac11

  • SHA1

    22c83312287db61ecfe83256f44b99be4ac25919

  • SHA256

    c37506485694a1440ecbf47a0084a3691084e0869abb163f353fe081e1c49670

  • SHA512

    12324f2a6fea3f0d27e62f6f4348a3aff5740a8ca886f0f3629c1d16843909f35d8444b70ed57fd739aac5ba1c60902819f9bd0dd7443603977dba71f7857b7a

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.enerzi.co
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Enerzis@123!#

Targets

    • Target

      vbc.exe

    • Size

      816KB

    • MD5

      f1119af41aa1a22ea18df0c7b51aac11

    • SHA1

      22c83312287db61ecfe83256f44b99be4ac25919

    • SHA256

      c37506485694a1440ecbf47a0084a3691084e0869abb163f353fe081e1c49670

    • SHA512

      12324f2a6fea3f0d27e62f6f4348a3aff5740a8ca886f0f3629c1d16843909f35d8444b70ed57fd739aac5ba1c60902819f9bd0dd7443603977dba71f7857b7a

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks