General
Target: vbc.ex
Size: 523KB
Sample: 221003-jqdgbafdej
MD5: 53b9e0fde66e12f4fed9b8387552e1d2
SHA1: bab7a3747119c6a157798bdd1113940d50071cd7
SHA256: d2bfb8991bcbbae16022097161db1188c7f3ad19bdebe029fbfe803afad45f63
SHA512: e42403f031086c39bd1024619a7296260a350537f80aa20e4a136165e20504f6e1aaf375c887dac78325ef21fd1de2dd74507fd95bd4a5b37147672cb1b03ca3
SSDEEP: 12288:yL5b2iN5ce0gNstVxuGJHHyp6Eh3CqAs3E:uh1TcZptSsHMG
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: vbc.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.eyeshop.co.za
Port: 587
Username: reynoridge@eyeshop.co.za
Password: eyeS@p0
Extracted
agenttesla
Protocol: smtp
Host: mail.eyeshop.co.za
Port: 587
Username: reynoridge@eyeshop.co.za
Password: eyeS@p0
Email To: xqalloys@gmail.com
Targets
Target: vbc.ex
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext