General

Target: Richiesta urgente.gz
Size: 192KB
Sample: 221128-mghw8afd94
MD5: 2930c7fde6f66ee6f538637dd3623749
SHA1: 761d857b60f9ed393a8ff60b2c019ba0a33e1f0c
SHA256: 11fcce94c7834e10cabc717db1e141354d4f79cd802c37dc4a8cddcf43bec41b
SHA512: f77c36dcd0b78ba4879dfaecde6cb28a2c82e65c28f165e3f7b27588d8d268c9a258154c0fe0484ce38e616f410e6f4bd403145c12d3011af6095ce311553b8b
SSDEEP: 6144:WcuJ3jEF1cH1FHXXdXwOzA6j/IfqGPzl5qSREgSYYfHv:W7+1cHDXtVzAFqGzgH
Static task: static1
Behavioral task: behavioral1
  Sample: Richiesta urgente.vbs
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Richiesta urgente.vbs
  Resource: win10v2004-20220812-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.mcmprint.net
Port: 21
Username: noffice@mcmprint.net
Password: 2K-0}h.[5hb)

Extracted
Protocol: ftp
Host: ftp.mcmprint.net
Port: 21
Username: noffice@mcmprint.net
Password: 2K-0}h.[5hb)
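The two extracted configs above are the same FTP drop server reported once per behavioral task; only the scheme prefix on the host differs. The following Python is an added example, not part of the sandbox report: it parses the report's config lines, normalizes the host so both entries collapse to one indicator, and sweeps a set of constructed network log lines (RFC 5737 test addresses, not from the report) for the exfil host and the FTP account name. Because the sample uses plain FTP, the USER command travels in cleartext, so the account name is a usable wire-level indicator in addition to the hostname. The credentials are the attacker's drop-server credentials; treat them as IOCs to block and alert on, not as something to log in with, and note that the report does not establish whether the account is attacker-owned or a compromised legitimate mailbox.

```python
"""Turn the AgentTesla FTP exfil config from the report into de-duplicated
IOCs and sweep network logs for them. Added example; the config text is copied
from the report, the log lines are constructed for the demo."""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Both "Extracted" blocks from the report, as flat lines. They describe the
# same drop server; only the scheme prefix on the host differs.
REPORT_CONFIG = """\
Extracted
Protocol: ftp- Host: ftp://ftp.mcmprint.net - Port: 21 - Username: noffice@mcmprint.net - Password: 2K-0}h.[5hb)
Extracted
Protocol: ftp- Host: ftp.mcmprint.net - Port: 21 - Username: noffice@mcmprint.net - Password: 2K-0}h.[5hb)
"""

# Constructed log lines (RFC 5737 test addresses), not taken from the report.
LOG_LINES = [
    "2022-11-28T10:14:01Z 10.0.0.17 DNS A ftp.mcmprint.net",
    "2022-11-28T10:14:02Z 10.0.0.17 -> 203.0.113.5:21 FTP USER noffice@mcmprint.net",
    "2022-11-28T10:20:33Z 10.0.0.22 -> 203.0.113.9:443 TLS SNI updates.example.com",
    "2022-11-28T10:21:07Z 10.0.0.31 -> 203.0.113.12:21 FTP USER backup@example.net",
]

# Tolerates the report's "ftp- Host:" spacing as well as "ftp - Host:".
CONFIG_RE = re.compile(
    r"Protocol:\s*(?P<protocol>\w+)\s*-\s*Host:\s*(?P<host>\S+)\s*-\s*Port:\s*(?P<port>\d+)"
    r"\s*-\s*Username:\s*(?P<username>\S+)\s*-\s*Password:\s*(?P<password>.+?)\s*$"
)


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str      # bare hostname: scheme stripped, lower-case
    port: int
    username: str
    password: str


def normalize_host(raw: str) -> str:
    """'ftp://ftp.mcmprint.net' and 'ftp.mcmprint.net' must compare equal."""
    if "://" in raw:
        return (urlparse(raw).hostname or "").lower()
    return raw.strip().rstrip("/").lower()


def parse_configs(text: str) -> List[ExfilConfig]:
    """Parse every 'Protocol: ... Password: ...' line and drop duplicates
    after normalization, keeping first-seen order."""
    found = []
    for line in text.splitlines():
        m = CONFIG_RE.search(line)
        if not m:
            continue
        found.append(ExfilConfig(
            protocol=m["protocol"].lower(),
            host=normalize_host(m["host"]),
            port=int(m["port"]),
            username=m["username"],
            password=m["password"],
        ))
    return list(dict.fromkeys(found))


def match_logs(lines: List[str], configs: List[ExfilConfig]) -> List[Tuple[str, str]]:
    """Return (line, reason) for each log line mentioning an exfil host or the
    FTP account name. Plain FTP sends USER in cleartext, so the account name is
    visible to any on-path sensor, not only the DNS name."""
    hits = []
    for line in lines:
        low = line.lower()
        for cfg in configs:
            if cfg.host in low:
                hits.append((line, f"exfil host {cfg.host}"))
                break
            if cfg.username.lower() in low:
                hits.append((line, f"exfil account {cfg.username}"))
                break
    return hits


if __name__ == "__main__":
    iocs = parse_configs(REPORT_CONFIG)
    for ioc in iocs:
        print(f"{ioc.protocol}://{ioc.host}:{ioc.port} user={ioc.username}")
    for line, why in match_logs(LOG_LINES, iocs):
        print(f"HIT [{why}] {line}")
```

Run as a script it prints one normalized indicator and two hits (the DNS lookup of the host and the FTP login with the account name); the unrelated TLS and FTP lines are left alone.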
Targets

Target: Richiesta urgente.vbs
Size: 347KB
MD5: de0edf01710a38b1e96688ae2f712ebb
SHA1: 6791a70cf79c415ba109e86734bcfd1b4930ec31
SHA256: 20796159ce1191fe88603ee4be1855bca614bcb29161d149a6990b48589d88c5
SHA512: 8456bd4c7106a8231f07407fa692520436a9be635fe6245e20d0d61efe11bd2664f758dc7a2f30eb7fd0839e90b854972d5c6d31d6b7e800d78bbf5bb4d970b9
SSDEEP: 6144:JmYNxYtoG4TDkYeZrZZL1HQTazh6VQIGoeJTaBrSlWYNemg/j4XO9Zob4HZIKK:8JaVerZzwTi4VyoKKrSlZN4/7F6KK
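The report lists hashes at two layers: the submitted .gz container (General section) and the .vbs it decompresses to (Targets section). When pulling this sample from a feed it is worth checking both, since a re-packed copy can match the inner payload while the outer hash differs, or vice versa. The following Python is an added example, not part of the report: it hashes the outer bytes, decompresses the gzip member, hashes the payload, reads the original filename stored in the gzip header (RFC 1952 FNAME), and reports which algorithms disagree with the report. The hash constants are copied from the report; the sample bytes are constructed for the demo and will not match.

```python
"""Check a local copy of this sample against the report's hashes at both
layers: the outer .gz container and the .vbs it decompresses to. Added example;
hash constants are copied from the report, the demo blob is constructed."""
import gzip
import hashlib
import io
import struct
from typing import Dict, List, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hashes as listed in the report for the .gz (General) and the .vbs (Targets).
REPORT_GZ = {
    "md5": "2930c7fde6f66ee6f538637dd3623749",
    "sha1": "761d857b60f9ed393a8ff60b2c019ba0a33e1f0c",
    "sha256": "11fcce94c7834e10cabc717db1e141354d4f79cd802c37dc4a8cddcf43bec41b",
    "sha512": "f77c36dcd0b78ba4879dfaecde6cb28a2c82e65c28f165e3f7b27588d8d268c9a258154c0fe0484ce38e616f410e6f4bd403145c12d3011af6095ce311553b8b",
}
REPORT_VBS = {
    "md5": "de0edf01710a38b1e96688ae2f712ebb",
    "sha1": "6791a70cf79c415ba109e86734bcfd1b4930ec31",
    "sha256": "20796159ce1191fe88603ee4be1855bca614bcb29161d149a6990b48589d88c5",
    "sha512": "8456bd4c7106a8231f07407fa692520436a9be635fe6245e20d0d61efe11bd2664f758dc7a2f30eb7fd0839e90b854972d5c6d31d6b7e800d78bbf5bb4d970b9",
}


def digests(data: bytes) -> Dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose expected value is not what we computed."""
    return [alg for alg, value in expected.items() if actual.get(alg) != value.lower()]


def gzip_original_name(blob: bytes) -> Optional[str]:
    """FNAME field from the gzip member header (RFC 1952), if present."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b":
        return None
    flags = blob[3]
    pos = 10                              # fixed header: ID1 ID2 CM FLG MTIME XFL OS
    if flags & 0x04:                      # FEXTRA: little-endian length, then data
        xlen = struct.unpack_from("<H", blob, pos)[0]
        pos += 2 + xlen
    if not flags & 0x08:                  # FNAME absent
        return None
    end = blob.find(b"\x00", pos)
    if end < 0:
        return None
    return blob[pos:end].decode("latin-1")


def verify_sample(blob: bytes, expected_outer: Dict[str, str],
                  expected_inner: Dict[str, str]) -> dict:
    """Hash the container, then the decompressed payload, and compare both."""
    outer = digests(blob)
    result = {
        "outer": outer,
        "outer_mismatch": mismatches(outer, expected_outer),
        "inner": None, "inner_mismatch": None, "inner_name": None,
    }
    if blob[:2] != b"\x1f\x8b":           # not a gzip member: nothing to unpack
        return result
    try:
        payload = gzip.decompress(blob)
    except (OSError, EOFError):           # truncated or corrupt container
        return result
    inner = digests(payload)
    result["inner"] = inner
    result["inner_mismatch"] = mismatches(inner, expected_inner)
    result["inner_name"] = gzip_original_name(blob)
    return result


def build_gzip(payload: bytes, name: str) -> bytes:
    """Build a gzip member that stores `name` in its FNAME field (demo input)."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", filename=name, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


# Constructed stand-in for the real sample; its hashes will not match the report.
DEMO_PAYLOAD = b"WScript.Echo 1\r\n"
DEMO_BLOB = build_gzip(DEMO_PAYLOAD, "Richiesta urgente.vbs")

if __name__ == "__main__":
    r = verify_sample(DEMO_BLOB, REPORT_GZ, REPORT_VBS)
    print("stored inner name:", r["inner_name"])
    print("outer mismatch:", r["outer_mismatch"] or "none")
    print("inner mismatch:", r["inner_mismatch"] or "none")
```

To check a real download, read the file's bytes and pass them as `blob`; an empty `outer_mismatch` and `inner_mismatch` means both layers agree with the report. SSDEEP is deliberately left out because it needs a third-party library and a fuzzy match, and the exact hashes are what a feed lookup keys on.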
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic).

Checks QEMU agent file
Checks for the presence of the QEMU guest agent, most likely to detect that it is running in a virtual machine.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.

Accesses Microsoft Outlook profiles
Reads Outlook profile data, consistent with Agent Tesla's harvesting of mail-client credentials.

Suspicious use of NtCreateThreadExHideFromDebugger
Creates a thread with the hide-from-debugger flag, a common anti-debugging technique.

Suspicious use of NtSetInformationThreadHideFromDebugger
Sets ThreadHideFromDebugger on a running thread so it stops delivering debug events, also anti-debugging.

Suspicious use of SetThreadContext
Rewrites another thread's register context, commonly used to redirect execution during process hollowing or code injection.