General
Target: Order_00361122.vbs
Size: 276KB
Sample: 220930-qm7z3sdfe2
MD5: 8c99576af66faeb6ddf4f7c3f433e714
SHA1: ca49af12f2a1ec4c0e4e887175014278a2d5970d
SHA256: 1eade2198b604a51fbefd8ead5b2fa124d8ce1423a866d84023372a46d4d2fd9
SHA512: 02096dd72ca236ee53d7314003553c1fcb5ecb24b1fab5e527aded8c59453284e02d4d88c70a9d6d0d2d55aa8647cfb7e402558d8b6967f8247d5784330dcf55
SSDEEP: 6144:3cvv8qMvgfGi81kO/4qRHKHaz+OTnH2aBRBu8M:3c3ofLiqRRz+SHl36
Static task: static1
Behavioral task: behavioral1 (sample Order_00361122.vbs, resource win7-20220901-en)
Behavioral task: behavioral2 (sample Order_00361122.vbs, resource win10v2004-20220812-en)
Malware Config
Extracted (agenttesla): https://api.telegram.org/bot2130601984:AAFbq9oRuTM0trTEQbxU_lfoBZ4A2S2DeD8/sendDocument
The extracted value is a Telegram Bot API URL; the sendDocument method is consistent with the sample uploading collected data to a Telegram chat controlled by the operator. The bot token in the path (2130601984:...) is the indicator to match and block, because api.telegram.org itself is shared with legitimate Telegram traffic.
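As an added hunting example (not part of the sandbox output or of the malware), the following Python turns the extracted endpoint into a matchable indicator and checks it against a few proxy-log lines. The log format, the client IP addresses and the second bot token are constructed for the example; only the first URL comes from the report.

```python
"""Hunt for the Telegram Bot API exfiltration endpoint extracted from this sample.

Added example for this report; it is not code from the sandbox or from the
malware. It parses the extracted C2 URL, isolates the bot token (the token, not
api.telegram.org, is the indicator worth matching and blocking, because the host
is shared with legitimate Telegram traffic), and runs that indicator over a few
constructed proxy-log lines. The log format and every line below are made up.
"""
import re
from urllib.parse import urlparse

# Value from the report's "Malware Config / Extracted (agenttesla)" entry.
EXTRACTED_C2 = ("https://api.telegram.org/"
                "bot2130601984:AAFbq9oRuTM0trTEQbxU_lfoBZ4A2S2DeD8/sendDocument")

# Bot API paths look like /bot<bot_id>:<secret>/<method>.
BOT_PATH_RE = re.compile(r"^/bot(\d+:[A-Za-z0-9_-]+)/([A-Za-z]+)/?$")
URL_RE = re.compile(r"https?://\S+")


def parse_bot_endpoint(url):
    """Return (token, method) for a Telegram Bot API URL, else None."""
    parsed = urlparse(url)
    if parsed.hostname != "api.telegram.org":
        return None
    match = BOT_PATH_RE.match(parsed.path)
    if not match:
        return None
    return match.group(1), match.group(2)


def build_iocs(c2_url):
    """Derive matchable indicators from the extracted config URL."""
    endpoint = parse_bot_endpoint(c2_url)
    if endpoint is None:
        raise ValueError("not a Telegram Bot API URL: %r" % c2_url)
    token, method = endpoint
    return {
        "url": c2_url,
        "bot_token": token,
        "bot_id": token.split(":", 1)[0],
        "method": method,
    }


def scan_proxy_log(lines, iocs):
    """Classify log lines: 'known_c2' when the extracted bot token appears,
    'unknown_bot_api' for any other Bot API call (rare from endpoints and
    worth a look), and nothing for everything else.

    Constructed line format: <timestamp> <client_ip> <verb> <url> <status> "<ua>"
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        url_match = URL_RE.search(line)
        if not url_match:
            continue
        endpoint = parse_bot_endpoint(url_match.group(0))
        if endpoint is None:
            continue
        token, method = endpoint
        fields = line.split()
        verdict = "known_c2" if token == iocs["bot_token"] else "unknown_bot_api"
        hits.append({
            "line": lineno,
            "client": fields[1] if len(fields) > 1 else None,
            "method": method,
            "bot_id": token.split(":", 1)[0],
            "verdict": verdict,
        })
    return hits


# Constructed sample log lines; the second bot token is invented for the example.
FAKE_TOKEN = "1111111111:" + "A" * 35
SAMPLE_LOG = [
    "2022-09-30T10:01:12Z 10.0.0.21 POST %s 200 \"Mozilla/4.0\"" % EXTRACTED_C2,
    "2022-09-30T10:01:15Z 10.0.0.22 GET https://www.microsoft.com/ 200 \"Mozilla/5.0\"",
    "2022-09-30T10:02:40Z 10.0.0.23 POST https://api.telegram.org/bot%s/sendMessage 200 \"curl/7.83.1\"" % FAKE_TOKEN,
    "2022-09-30T10:03:01Z 10.0.0.24 GET https://web.telegram.org/ 200 \"Mozilla/5.0\"",
]

if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_C2)
    print("block/alert on bot token:", iocs["bot_token"])
    for hit in scan_proxy_log(SAMPLE_LOG, iocs):
        print(hit)
```

Matching on the token rather than the hostname keeps the rule precise: a hit on the extracted token is this campaign, while any other Bot API call from a workstation is unusual enough to review without being an automatic block.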
Targets
Target: Order_00361122.vbs (276KB; hashes as listed under General)
Signatures
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT). A .vbs sample that yields this config is a loader for the .NET payload rather than the payload itself.
- Checks QEMU agent file: Checks for the presence of the QEMU guest agent, a virtualization check used to evade analysis sandboxes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence that restricts execution to targeted regions.
- Accesses Microsoft Outlook profiles: Reads Outlook profile data, consistent with harvesting stored mail account credentials.
- Suspicious use of NtCreateThreadExHideFromDebugger: Creates threads with the hide-from-debugger flag, so an attached debugger receives no events for them (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger: Sets ThreadHideFromDebugger on existing threads, the same anti-debugging technique applied after thread creation.
- Suspicious use of SetThreadContext: Rewrites a thread's register context, a step used in process hollowing and related injection techniques to redirect execution into injected code.