General
- Target: tuuuu4xxPayload.vbs
- Size: 865KB
- Sample: 230328-tym1tsdf5t
- MD5: 379cafe0ba44d003b6707076c49b0ca9
- SHA1: 5d85cf3f16e9d25310d18075e18938315990ff1c
- SHA256: e1a02d6fcc734c144f16ae3970abd8f3144512ccde453a4a4eb621555c080fb2
- SHA512: f12a61e6f19abd7fb3da344ebeb1abe46e96c6bc8c08f7235c0cabb1243e9c81bb1332c384ae63015dad0967669c1efa0d52e3f9684035bd75309ab528915bea
- SSDEEP: 1536:D5FjaXGxbMN75ro6BHB1ZoVuwDTTTTNVBTwqq/YvldOJl7dhWFHFbTTYTEsTT7l2:fQZkd
Static task: static1
Behavioral task: behavioral1
- Sample: tuuuu4xxPayload.vbs
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: tuuuu4xxPayload.vbs
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.sisoempresarialsas.com
- Port: 21
- Username: droid@sisoempresarialsas.com
- Password: .!LV?]FKWxUy
Targets
- Target: tuuuu4xxPayload.vbs
- Size: 865KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext