General
Target: Ordine n.47201 pdf.vbs
Size: 337KB
Sample: 221128-nmy13aae82
MD5: c8290bc8659c4a6a45ccd1af9268e400
SHA1: d2a97dd4fa44d5e2a568d75b764cc47e5878f960
SHA256: f39968efba7ebe58abba685f5b834f6e0c8393dfaeaf7d08d5f6e625c33a04e1
SHA512: 52cf38b8095759f33affba504463f1d8b44d2497efa1bb21e84e63d75d52a61e45b3327a01d5c0fd54116091273d429066603e2e50dfc9303bddf54f9896f6c5
SSDEEP: 6144:JgYNxYywvF7r/8o1W1iajiYGnCEMDKlM58vbu7bhHZIKK:iVvF7r07iYGCEMejc6KK
Static task: static1
Behavioral task: behavioral1 (sample: Ordine n.47201 pdf.vbs, resource: win7-20220901-en)
Behavioral task: behavioral2 (sample: Ordine n.47201 pdf.vbs, resource: win10v2004-20220812-en)
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.mcmprint.net
Port: 21
Username: klogz@mcmprint.net
Password: l9Hh{#_(0shZ
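The extracted configuration is the most actionable part of this report: it names the FTP server, port and account the stealer uploads to. The following is an added example, not part of the original sandbox report, that turns those three values into a detection run over FTP control-channel log lines. The indicator values come from the config above; the log format, the log lines and the IP addresses in them (203.0.113.7, 192.0.2.10 and the 10.0.0.0/8 clients) are constructed for illustration, since the report does not record what the host resolved to at detonation time. The password is deliberately not used as an indicator.

```python
"""Added example, not part of the original sandbox report: turn the FTP
exfiltration config extracted above into a small detection that is run
over FTP control-channel log lines.  Indicator values (host, port,
username) come from the report; the log lines and the IP addresses in
them are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators from the extracted Agent Tesla config above.  The password is
# deliberately left out: it is only useful for logging in to the
# attacker-controlled server, which an analyst should never do.
C2_HOST = "ftp.mcmprint.net"
C2_PORT = 21
C2_USER = "klogz@mcmprint.net"

# Constructed, simplified log shape: "<ts> <client> <server>:<port> <CMD> [arg]".
# 203.0.113.7 is a documentation address standing in for whatever the host
# resolved to at detonation time, which the report does not record.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<cmd>[A-Z]+)(?:\s+(?P<arg>.*))?$"
)

SAMPLE_LOG = """\
1669641601.1 10.0.0.12 203.0.113.7:21 USER klogz@mcmprint.net
1669641601.3 10.0.0.12 203.0.113.7:21 PASS ********
1669641602.0 10.0.0.12 203.0.113.7:21 STOR report.html
1669641650.0 10.0.0.13 192.0.2.10:21 USER anonymous
1669641700.0 10.0.0.13 203.0.113.7:21 USER klogz
1669641701.0 10.0.0.14 ftp.mcmprint.net:21 USER backup
1669641750.0 10.0.0.15 FTP.MCMPRINT.NET:21 USER KLOGZ@MCMPRINT.NET
this line is not in the expected format and is skipped
"""


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    reason: str
    line: str


def scan(log_text: str) -> list[Hit]:
    """Return one Hit per matching indicator per line.

    A connection to the extracted host:port and a USER command carrying the
    extracted username are independent indicators, so a single line can
    yield two hits.  Matching is case-insensitive because DNS names and
    most FTP servers treat usernames that way."""
    hits: list[Hit] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # unparseable line: skip rather than guess
        dst = m["dst"].lower()
        dport = int(m["dport"])
        cmd = m["cmd"]
        arg = (m["arg"] or "").strip().lower()
        if dst == C2_HOST and dport == C2_PORT:
            hits.append(Hit(n, m["src"], "connection to extracted C2 host/port", raw))
        if cmd == "USER" and arg == C2_USER:
            hits.append(Hit(n, m["src"], "login with extracted exfil username", raw))
    return hits


def affected_clients(log_text: str) -> set[str]:
    """Client addresses that touched the C2: the hosts to pull for triage."""
    return {h.client for h in scan(log_text)}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}: {hit.line}")
    print("clients to investigate:", sorted(affected_clients(SAMPLE_LOG)))
```

The username is the stronger of the two indicators: the host:port match only fires when the log records the server by name, and a compromised or shared FTP server can carry legitimate traffic too. Agent Tesla operators frequently exfiltrate to accounts on compromised legitimate FTP servers, so treat ftp.mcmprint.net as a possible victim as well as an indicator, and route the credential to an abuse notification rather than using it yourself.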
Targets
Target: Ordine n.47201 pdf.vbs
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; this sample is delivered as a VBScript file (Ordine n.47201 pdf.vbs) and its extracted configuration uploads to the FTP account listed under Malware Config.
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, possibly to detect virtualization and avoid running inside an analysis sandbox.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence so the payload only runs (or refuses to run) in chosen regions.
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Creates or marks threads with the hide-from-debugger flag so an attached debugger receives no events from them; an anti-analysis technique, not something a benign script host needs.
Suspicious use of SetThreadContext
Rewrites another thread's register context; commonly seen when a loader injects its payload into a suspended process (process hollowing / RunPE), which is how Agent Tesla droppers typically hand over to the stealer.