General
-
Target
Artifacts-2023-02-09_10-04-21Z.zip
-
Size
279KB
-
Sample
230209-l3b55afc5z
-
MD5
d86ad38bcaff9bd1bed31c863c65e30d
-
SHA1
9aba380a66fe430d0bcf5972392afcaf37bf4ff7
-
SHA256
8b2ba240fba45ee88be1fa83178da8abf77b0db0633d1097c80c453f530cbb48
-
SHA512
6088e43cbfb884319b76ac417e86a1ac65da0acbe30e4731ab85b67f1aa137e71cbdfb2a6b8a0e0193443bc95df36633a3fb181083484adf03bb40c53299d793
-
SSDEEP
6144:iL59L7vz6WaS0ipkMhoSOBHrUf9wJmfXXaLQ/jC1OTS34dp17aEy0YxDa6BkrBqU:u5Bvz67S0MhoSOvJGHQQkodp17aEROjU
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
Smtp.ionos.co.uk - Port:
587 - Username:
[email protected] - Password:
PJaccident@2020 - Email To:
[email protected]
Targets
-
-
Target
UNICO - STATEMENT OF ACCOUNT JANUARY 2023.vbs
-
Size
418KB
-
MD5
9c04033a09694d28258d0a6a183fe798
-
SHA1
0137ae773b97c97e9c5769607090cfc7fa123c24
-
SHA256
c17cc4b45c7800276ec90e29e20b0df92d0781ef25bbc060cfb8a0fc093e4a33
-
SHA512
bf6b1e10ef1e770acc0a7bf8644edeea0ea321eaff0cd64a844d9c80e4b0de6f4fbeaeb1a0e477243c8abca1f7f67e99976ce91c667dc30574712450be9b297a
-
SSDEEP
6144:eK0IHb/7T+wBoof/zvLx8gFL6a83ezZmpXQqmp66Qo1t6aCf8zG15UtGqSk6yL:eK5fCfCTx8gv8x5NmY4tE1WVT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-