General

  • Target

    NT0078-500093.vbs

  • Size

    346KB

  • Sample

    230403-mzebraff6y

  • MD5

    2bc43809a78b0a3cba5178a7945184bb

  • SHA1

    ef3ac70ba45413a54f1f113cdc0f0a12c8d107f5

  • SHA256

    70ec0f477777580c4ae2c92d05cab059ca0b86660cf5fe9d96c8ea6f6a743557

  • SHA512

    197444325d19de480843ffa091721afeac76bf6c5d66506f6e4027b03c2f1ab9e9f1095df643e1a7510906469351b6befe9d483669337aa6931e554fa6fae6a4

  • SSDEEP

    1536:j89r/aDcWJwG0mtvR/Eg5y6Fl6ktr+MMmBaMszsbe:KtNP
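The hashes above are the report's identifiers for the sample. The script below is an added example, not part of the sandbox report: it parses the bullet layout of the "General" block into a dictionary, checks that each digest is a well-formed hex string of the right length (a quick guard against copy errors when indicators are pasted into a blocklist), and compares a file's computed digests with the report's. The report text is embedded as a constructed copy of the block above; SSDEEP is carried through as a string only, since computing it needs a fuzzy-hash library that is not assumed here.

```python
import hashlib
import re

# Constructed copy of the report's "General" block; the digest values are the ones
# the page lists for NT0078-500093.vbs.
REPORT_TEXT = """General

  • Target

    NT0078-500093.vbs

  • Size

    346KB

  • Sample

    230403-mzebraff6y

  • MD5

    2bc43809a78b0a3cba5178a7945184bb

  • SHA1

    ef3ac70ba45413a54f1f113cdc0f0a12c8d107f5

  • SHA256

    70ec0f477777580c4ae2c92d05cab059ca0b86660cf5fe9d96c8ea6f6a743557

  • SHA512

    197444325d19de480843ffa091721afeac76bf6c5d66506f6e4027b03c2f1ab9e9f1095df643e1a7510906469351b6befe9d483669337aa6931e554fa6fae6a4

  • SSDEEP

    1536:j89r/aDcWJwG0mtvR/Eg5y6Fl6ktr+MMmBaMszsbe:KtNP
"""

# Expected hex-digest lengths; a value of the wrong length is a transcription error.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Turn the 'bullet key / blank line / value' layout into a dict of indicators."""
    indicators = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            key = line.lstrip("•").strip()
        elif key is not None:
            # First non-empty line after a bullet is that bullet's value.
            indicators[key] = line
            key = None
    return indicators


def validate_hashes(indicators):
    """Return the names of digest fields that are not well-formed hex of the expected length."""
    bad = []
    for name, length in HASH_LENGTHS.items():
        value = indicators.get(name, "").lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            bad.append(name)
    return bad


def hashes_of(data):
    """Compute the four cryptographic digests the report lists, as lowercase hex."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_sample(data, indicators):
    """Compare a file's digests with the report; returns (matching, mismatching) field names."""
    computed = hashes_of(data)
    matching = [n for n in HASH_LENGTHS if indicators.get(n, "").lower() == computed[n]]
    mismatching = [n for n in HASH_LENGTHS if n in indicators and n not in matching]
    return matching, mismatching


if __name__ == "__main__":
    import sys

    report = parse_report(REPORT_TEXT)
    print("malformed digests:", validate_hashes(report) or "none")
    if len(sys.argv) > 1:
        # Usage: python check_sample.py <path-to-suspected-file>
        with open(sys.argv[1], "rb") as fh:
            print("match:", match_sample(fh.read(), report))
```

Any file whose four digests all land in the mismatching list is not this sample, even if its name is NT0078-500093.vbs; a partial match (for example MD5 only) should be treated as a transcription problem in the indicator source rather than a real hit.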

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      NT0078-500093.vbs

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, commonly reported as written in Visual Basic .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks