General
-
Target
vbc.exe
-
Size
858KB
-
Sample
221116-gz5k2shd86
-
MD5
7fb9b2d5837ba9d8b7ea0ad5d75f4c7e
-
SHA1
82964b5e19f148755650d2ed0acfa6c74b6b9c6e
-
SHA256
d29075d85d60a21f86b7ac67c4dcf41ca46a96b208681b3f3486d07182ec620a
-
SHA512
d0f7c55e2f3ea8b11e7f258afa8006719ad5476b5eb82d2e3278847ab4883186a88954cde38b6c8b4f63b383db16ba2dc2a61364fff3e31d02bbb240bd8ed777
-
SSDEEP
12288:huhWHStbpxyNzXkoyhjDZbhqLY9c1IDf56F1KbMUhllldGl0u4:0UHXcnaYNj5qGPvjx
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
snakelogs@yandex.com - Password:
tqzwrcdhriqzrjyb
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
snakelogs@yandex.com - Password:
tqzwrcdhriqzrjyb
Targets
-
-
Target
vbc.exe
-
Size
858KB
-
MD5
7fb9b2d5837ba9d8b7ea0ad5d75f4c7e
-
SHA1
82964b5e19f148755650d2ed0acfa6c74b6b9c6e
-
SHA256
d29075d85d60a21f86b7ac67c4dcf41ca46a96b208681b3f3486d07182ec620a
-
SHA512
d0f7c55e2f3ea8b11e7f258afa8006719ad5476b5eb82d2e3278847ab4883186a88954cde38b6c8b4f63b383db16ba2dc2a61364fff3e31d02bbb240bd8ed777
-
SSDEEP
12288:huhWHStbpxyNzXkoyhjDZbhqLY9c1IDf56F1KbMUhllldGl0u4:0UHXcnaYNj5qGPvjx
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-