General
- Target: Salary-Increase-Datasheet-Deceember-2022.vbe
- Size: 602KB
- Sample: 221206-htwlmagh2w
- MD5: 03f14b68315fa272d3f573c265fad342
- SHA1: 1ab4db87eda2c6e38adf91db4769a0d35468afdf
- SHA256: ca69ae5499c657b8b383cf6351147762093ecaa876f8b7c31850b32e10dc8c89
- SHA512: a5e8171828dbf7074a1fedea6a6bcad1341387cc238a12411e70b4ba78d5effdd81d5e21d61971bc09cde6a0207ce5776a5e2eed5bd0e560666de076c5282a3c
- SSDEEP: 12288:Y4xIeYbcj1U0xh99kYjUBW9g3VneffpEb:ieJxU0N93gW9ySfpEb
Static task: static1
Behavioral task: behavioral1
- Sample: Salary-Increase-Datasheet-Deceember-2022.vbe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: Salary-Increase-Datasheet-Deceember-2022.vbe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtpout.secureserver.net
- Port: 587
- Username: [email protected]
- Password: somethingcute4806657158
- Email To: [email protected]
Targets
- Target: Salary-Increase-Datasheet-Deceember-2022.vbe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext