General
Target: A06B89AB8DE11D1A00A2CFAAFEAFA96A84E1C867C9650D2574AB5C5965195CE8
Size: 137KB
Sample: 221123-r2rgbadb31
MD5: 7bc0701880cef8b250bc839c02c440d7
SHA1: 08929a6a39c4c3e6627e26fb1c698654b3e14b1b
SHA256: a06b89ab8de11d1a00a2cfaafeafa96a84e1c867c9650d2574ab5c5965195ce8
SHA512: 9db37ed8d23dcca87a1ca419049c5a80dbfb101fc66a9453c0f0c2dc9a06ebb42095753256bdfaa16f6c3f85c0a8219467ad80239a9718b983f6408b5f1fa1af
SSDEEP: 3072:IV2fcI4tf7gOLVzruUhsvkVlKjz4tTllIUC+ZY:ZwfEOLVzruClKvql2+C
Static task: static1
Behavioral task: behavioral1
  Sample: Order #K0137080.vbs
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Order #K0137080.vbs
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.lansol.com
Port: 21
Username: [email protected]
Password: @t6cIop2jJgW
Targets
Target: Order #K0137080.vbs
Size: 236KB
MD5: 96fab6f37daa6c05627d826d62db3199
SHA1: 1ab3d160bc854e0cbc875438896c58d6c4c886b2
SHA256: 1cd7d45d2466ce4a8220edc05bc8a9141e89f80e7e0f33ff61a6200011442bad
SHA512: 059a9a60221f117f2258b14bfa218351f913156635e79751534256a1d9bc2867c0ced84f5bba3c4345c41e0aded7fde6471d1c294fc2569672010e31a88d9ccd
SSDEEP: 6144:D78FFZJ4u+WvCjd2Zj21DL8rWl5/0ahnAMANPh:X8FP9XvCjd2h2tL0STVAdh
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext