General
-
Target
sample.vbs
-
Size
419KB
-
Sample
230209-mdeemafh5y
-
MD5
0d6ae3ecebf610f5718b7c43ae14239f
-
SHA1
1e042b919df9172e682b4d8dc4f21f07188ff159
-
SHA256
b78a24353d7b99db6ea8d22ab2576f59e03b371a6f18cddcef355fd2db77c848
-
SHA512
bd4128d1002d59a1a7477a42c1efce58ea1d89c325abe25d572465b854b4cf621768cdcb85dc68ada0c5949091fa80923911a7d540e14e2dca669aee14e503f2
-
SSDEEP
12288:FyDb/q0a+R6M09N8ZMRGrRmaqK4au+JL2Lh/ln1W5v:w/zR6M09gMzaq3a9khtnA5v
Static task
static1
Behavioral task
behavioral1
Sample
sample.vbs
Resource
win7-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: Smtp.ionos.co.uk
Port: 587
Username: [email protected]
Password: PJaccident@2020
Email To: [email protected]
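As an added example (not part of the sandbox report): a Python script that parses the extracted config block above, either in the flattened "Key: value - Key: value" form the export renders or one field per line, and runs detections over constructed telemetry events. It matches file hashes against the sample's SHA256/MD5, flags outbound connections to the extracted SMTP host and port, and adds a broader rule for port 587 traffic from any process outside an assumed allow-list of mail clients (MAIL_CLIENTS is an assumption to tune per estate). The event records, paths and process names are constructed; the redacted "[email protected]" strings are kept exactly as the report renders them.

```python
import re

# Indicators taken from the report above: the sample's hashes and the extracted AgentTesla SMTP config.
SAMPLE_SHA256 = "b78a24353d7b99db6ea8d22ab2576f59e03b371a6f18cddcef355fd2db77c848"
SAMPLE_MD5 = "0d6ae3ecebf610f5718b7c43ae14239f"

# The extracted config copied from the report; the sandbox export flattens fields with " - " separators.
# The redacted "[email protected]" strings are kept exactly as rendered.
REPORT_CONFIG = """Protocol: smtp- Host:
Smtp.ionos.co.uk - Port:
587 - Username:
[email protected] - Password:
PJaccident@2020 - Email To:
[email protected]"""

# Assumption: processes that legitimately speak SMTP submission (port 587) on a workstation. Tune per estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# "Key: value" pairs; a value ends where the next capitalised "Key:" begins (optionally preceded by "-").
_FIELD_RE = re.compile(r"([A-Z][A-Za-z ]*?):\s*(.*?)\s*(?=-?\s*[A-Z][A-Za-z ]*?:|$)")


def parse_agenttesla_config(text):
    """Parse the config block (flattened or one field per line) into a dict keyed by lowercase field name."""
    flat = " ".join(line.strip() for line in text.splitlines())
    return {key.strip().lower(): value for key, value in _FIELD_RE.findall(flat)}


def detect(events, config):
    """Run the IOC and behavioural rules over telemetry events (dicts); return a list of (rule, event) hits."""
    exfil_host = config["host"].lower()
    exfil_port = int(config["port"])
    hits = []
    for ev in events:
        if ev.get("sha256", "").lower() == SAMPLE_SHA256 or ev.get("md5", "").lower() == SAMPLE_MD5:
            hits.append(("known_sample_hash", ev))
        if ev.get("type") != "network":
            continue
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if ev.get("dst_host", "").lower() == exfil_host and ev.get("dst_port") == exfil_port:
            hits.append(("agenttesla_smtp_exfil_host", ev))
        elif ev.get("dst_port") == exfil_port and image not in MAIL_CLIENTS:
            # Broader rule: SMTP submission from a process that is not a known mail client.
            hits.append(("smtp_submission_from_non_mail_client", ev))
    return hits


# Constructed telemetry (not from the report): one file-create event and three network events.
CONSTRUCTED_EVENTS = [
    {"type": "file", "path": r"C:\Users\victim\Downloads\sample.vbs", "sha256": SAMPLE_SHA256},
    {"type": "network", "image": r"C:\Windows\System32\wscript.exe",
     "dst_host": "smtp.ionos.co.uk", "dst_port": 587},
    {"type": "network", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dst_host": "smtp.office365.com", "dst_port": 587},
    {"type": "network", "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "dst_host": "mail.example.net", "dst_port": 587},
]

if __name__ == "__main__":
    cfg = parse_agenttesla_config(REPORT_CONFIG)
    print("exfil endpoint:", cfg["host"], cfg["port"], "as", cfg["username"])
    for rule, ev in detect(CONSTRUCTED_EVENTS, cfg):
        print(rule, "<-", ev.get("path") or ev.get("image"))
```

The host comparison is case-insensitive because the report renders the hostname as "Smtp.ionos.co.uk" while network telemetry normally lower-cases it; the Outlook event does not fire because it is both a mail client and talking to a different host.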
Targets
-
Target
sample.vbs
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it exfiltrates harvested credentials and keystrokes over channels such as SMTP.
-
Blocklisted process makes network request
-
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, a common way for malware to detect that it is running inside a virtual machine or sandbox.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag so an attached debugger receives no events for it (anti-debugging).
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, detaching the thread from any attached debugger (anti-debugging).
-
Suspicious use of SetThreadContext
Rewrites another thread's register context; commonly used to redirect execution into injected code, as in process hollowing.
-