General
- Target: VBS NO STARTUP (1).vbs
- Size: 682KB
- Sample: 230331-yv4xdsed41
- MD5: b664e7f93d7b6696ea7d09ccacaf45d8
- SHA1: c4a0242540a3f9a25e37a5172c11d14e9bb03d35
- SHA256: d925672f768f285ae5c2e4f2b4e6b4faf5da63527da03965dcb9be4cf9901258
- SHA512: abc85ff3767e31a3a5abbfa8da3dd1ff2ebc8f4044efe6814750849cd4628984be2974951db75c04b341f2deef585b352d80683357d5da5f66fe3f11be88123e
- SSDEEP: 1536:j89r/aDcWJwG0mtvR/Eg5mLK1FaktLO8smRKsszsaoQVQPQzQ5QSQ6QSQQQmQDQR:KtbW
Static task: static1

Behavioral task: behavioral1
- Sample: VBS NO STARTUP (1).vbs
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: VBS NO STARTUP (1).vbs
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.sisoempresarialsas.com
- Port: 21
- Username: cousin@sisoempresarialsas.com
- Password: _X@Y2JZ!+7b+
Targets
- Target: VBS NO STARTUP (1).vbs
- Size: 682KB
- MD5: b664e7f93d7b6696ea7d09ccacaf45d8
- SHA1: c4a0242540a3f9a25e37a5172c11d14e9bb03d35
- SHA256: d925672f768f285ae5c2e4f2b4e6b4faf5da63527da03965dcb9be4cf9901258
- SHA512: abc85ff3767e31a3a5abbfa8da3dd1ff2ebc8f4044efe6814750849cd4628984be2974951db75c04b341f2deef585b352d80683357d5da5f66fe3f11be88123e
- SSDEEP: 1536:j89r/aDcWJwG0mtvR/Eg5mLK1FaktLO8smRKsszsaoQVQPQzQ5QSQ6QSQQQmQDQR:KtbW
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext