General
-
Target
Produkt nové objednávky.vbe
-
Size
51KB
-
Sample
230213-rk1zesdf86
-
MD5
8566f250323d019e194a8d06e8145eb3
-
SHA1
8532f545933a23ccad71e6ac6953b605df609a7e
-
SHA256
5e04ea315ad3b90a431ee7b51dc7d06128f0868518cfcfc5e4f6ed8cb4902982
-
SHA512
40151396ec17370fe42031172e8c8e5d1cefe23207d19f9eecf7a91c616eed9c7e8103c927ed6af6baed1a1ab2885486a41cd8878e5643ade4c2c3ee08cf8148
-
SSDEEP
1536:KHA3YSlpGtiIwN0eC6b5pivZkFwjYkRakQSAHkxhAToN:KHA3YSlUtyeeCm5cvZkajJUkaeLN
Static task
static1
Behavioral task
behavioral1
Sample
Produkt nové objednávky.vbe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Produkt nové objednávky.vbe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/
Targets
-
-
Target
Produkt nové objednávky.vbe
-
Size
51KB
-
MD5
8566f250323d019e194a8d06e8145eb3
-
SHA1
8532f545933a23ccad71e6ac6953b605df609a7e
-
SHA256
5e04ea315ad3b90a431ee7b51dc7d06128f0868518cfcfc5e4f6ed8cb4902982
-
SHA512
40151396ec17370fe42031172e8c8e5d1cefe23207d19f9eecf7a91c616eed9c7e8103c927ed6af6baed1a1ab2885486a41cd8878e5643ade4c2c3ee08cf8148
-
SSDEEP
1536:KHA3YSlpGtiIwN0eC6b5pivZkFwjYkRakQSAHkxhAToN:KHA3YSlUtyeeCm5cvZkajJUkaeLN
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-