General
Target: Richiesta urgente.vbs
Size: 347KB
Sample: 221128-m1qq6sdb8z
MD5: de0edf01710a38b1e96688ae2f712ebb
SHA1: 6791a70cf79c415ba109e86734bcfd1b4930ec31
SHA256: 20796159ce1191fe88603ee4be1855bca614bcb29161d149a6990b48589d88c5
SHA512: 8456bd4c7106a8231f07407fa692520436a9be635fe6245e20d0d61efe11bd2664f758dc7a2f30eb7fd0839e90b854972d5c6d31d6b7e800d78bbf5bb4d970b9
SSDEEP: 6144:JmYNxYtoG4TDkYeZrZZL1HQTazh6VQIGoeJTaBrSlWYNemg/j4XO9Zob4HZIKK:8JaVerZzwTi4VyoKKrSlZN4/7F6KK
Static task: static1
Behavioral task: behavioral1
  Sample: Richiesta urgente.vbs
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Richiesta urgente.vbs
  Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.mcmprint.net
  Port: 21
  Username: noffice@mcmprint.net
  Password: 2K-0}h.[5hb)
Extracted
  Protocol: ftp
  Host: ftp.mcmprint.net
  Port: 21
  Username: noffice@mcmprint.net
  Password: 2K-0}h.[5hb)
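The two extracted configs above are the same FTP drop account, once with the ftp:// scheme and once without. The script below is an added example, not part of the sandbox report: it parses the flattened "Key: value - Key:" layout the report uses, normalises the host, and then hunts for the exfiltration session in key=value style firewall, DNS and FTP-proxy logs. The log lines are constructed for illustration (the log field names, source addresses and the STOR filename are assumptions); only the hostname, port and username come from the report's extracted config. The username is the highest-fidelity indicator, since the sample carries the credential for that one account.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# The extracted config exactly as it appears on the report page.  The
# second "Extracted" block differs only by lacking the ftp:// scheme.
RAW_CONFIG = """Protocol: ftp- Host:
ftp://ftp.mcmprint.net - Port:
21 - Username:
noffice@mcmprint.net - Password:
2K-0}h.[5hb)"""

LABELS = ("Protocol", "Host", "Port", "Username", "Password")
# A field runs from its label up to the next " - Label:" or end of text,
# so a password containing '-' (as this one does) is not cut short.
_FIELD_RE = re.compile(
    r"(?P<key>%s):\s*(?P<val>.*?)(?=\s*-\s*(?:%s):|$)"
    % ("|".join(LABELS), "|".join(LABELS))
)


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> ExfilConfig:
    """Parse the report's flattened config layout into typed fields."""
    flat = " ".join(raw.split())  # join the wrapped lines into one
    fields = {m.group("key").lower(): m.group("val").strip()
              for m in _FIELD_RE.finditer(flat)}
    host = fields["host"]
    if "://" in host:  # normalise 'ftp://ftp.mcmprint.net' to the bare host
        host = urlparse(host).hostname or host
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=host.lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


@dataclass(frozen=True)
class Hit:
    severity: str
    reason: str
    line: str


def _kv(line: str) -> Dict[str, str]:
    """Split a 'k=v k=v' log line into a dict; bare tokens are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_exfil(cfg: ExfilConfig, log_lines: List[str]) -> List[Hit]:
    """Flag log lines that touch the configured FTP drop, most specific first."""
    hits: List[Hit] = []
    for line in log_lines:
        f = _kv(line)
        if f.get("cmd") == "USER" and f.get("arg", "").lower() == cfg.username.lower():
            hits.append(Hit("high", "FTP login with the username from the extracted config", line))
        elif f.get("dst", "").lower() == cfg.host and f.get("dport") == str(cfg.port):
            hits.append(Hit("medium", "connection to the configured exfil host and port", line))
        elif f.get("query", "").lower() == cfg.host:
            hits.append(Hit("low", "DNS resolution of the configured exfil host", line))
    return hits


# Constructed sample log lines (not from the report); field names are assumed.
CONSTRUCTED_LOGS = [
    "2022-11-28T10:02:11Z fw src=10.0.5.23 dst=203.0.113.10 dport=443 proto=tcp action=allow",
    "2022-11-28T10:02:14Z dns src=10.0.5.23 query=ftp.mcmprint.net type=A",
    "2022-11-28T10:02:15Z fw src=10.0.5.23 dst=ftp.mcmprint.net dport=21 proto=tcp action=allow",
    "2022-11-28T10:02:16Z ftp src=10.0.5.23 dst=ftp.mcmprint.net dport=21 cmd=USER arg=noffice@mcmprint.net",
    "2022-11-28T10:02:17Z ftp src=10.0.5.23 dst=ftp.mcmprint.net dport=21 cmd=STOR arg=upload.html",
    "2022-11-28T10:03:40Z fw src=10.0.5.40 dst=ftp.example.org dport=21 proto=tcp action=allow",
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for hit in match_exfil(cfg, CONSTRUCTED_LOGS):
        print(f"[{hit.severity}] {hit.reason}: {hit.line}")
```

The parser is deliberately tolerant of the scheme difference between the two extracted blocks so both yield the same host; the last line of the sample log (a different FTP server on port 21) is left alone, which is the point of keying on the host and credential rather than on the port.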
Targets
- Richiesta urgente.vbs (size and hashes as listed under General above)
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
- Checks QEMU agent file
  Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of NtCreateThreadExHideFromDebugger
  Anti-debugging: a thread created with this flag is hidden from an attached debugger.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Anti-debugging: applies the same hide-from-debugger setting to an existing thread.
- Suspicious use of SetThreadContext
  A common primitive for process hollowing and other thread-hijacking injection.