General
Target: vbc.exebqjzwqto
Size: 887KB
Sample: 220522-ghqessbghl
MD5: aa223c48d72371b24baf306eb49e7597
SHA1: 8e44f69cb4bfea69da961ecc3e79f0673cd475f8
SHA256: 64f53c937686e85e45ba96c09e4865bc747560e83d132cb9b6ef8c174948c98f
SHA512: 26d67bb2fe920d91bafbcf6c1c5ab0a32cf590c2470bfd81440e5f88461e8bcee87d79219f14b4dd6c798602f3facf96177ea14f6a6eaf653092f40d95f3e8be
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: vbc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.botswanbuidtec.com
Port: 587
Username: hen@botswanbuidtec.com
Password: !tdB!ja2
Targets
Target: vbc.exebqjzwqto
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext