General
-
Target
Articolo nuovo ordine.vbs
-
Size
124KB
-
Sample
230208-xb2ggsdf3s
-
MD5
a2e30a66600d06ce64856277fe843f07
-
SHA1
c4553901c5cc29463e0b38ddf2577cfcbad53953
-
SHA256
d35688b52bc5bb7819e2049e7271eb5a3084ba07febfc4ac74004fb0d9d6875c
-
SHA512
bdb62b38953f726e58ef72617f8c54b61e0ee4b14d5459fe30b4373d49b55574893418670438325c75d54b99d1c34d70f8563a376c2939c33b857463936f0bc8
-
SSDEEP
3072:Fy0q3Cj8Lqba9hy7jPcWCuHzq0+gAphyx:g0w/me9hyX9HW0+1M
Malware Config
Extracted
https://drive.google.com/uc?export=download&id=1B3MRGXuZWdG46eXHp6A71YeYmlVrmaBx
Extracted
agenttesla
https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/
Targets
-
-
Target
Articolo nuovo ordine.vbs
-
Size
124KB
-
MD5
a2e30a66600d06ce64856277fe843f07
-
SHA1
c4553901c5cc29463e0b38ddf2577cfcbad53953
-
SHA256
d35688b52bc5bb7819e2049e7271eb5a3084ba07febfc4ac74004fb0d9d6875c
-
SHA512
bdb62b38953f726e58ef72617f8c54b61e0ee4b14d5459fe30b4373d49b55574893418670438325c75d54b99d1c34d70f8563a376c2939c33b857463936f0bc8
-
SSDEEP
3072:Fy0q3Cj8Lqba9hy7jPcWCuHzq0+gAphyx:g0w/me9hyX9HW0+1M
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-