General
- Target: cantlose.vbs
- Size: 804KB
- Sample: 230518-q9y1paca68
- MD5: 1c8636ac78fc9ed8fbdafe0cca001a5a
- SHA1: a8fd7ccc2ef01955208695b84e1b758ce0e1ac17
- SHA256: 1ecd2d55db79d55f1923ac98e1edf145d5d4ab3260c9dfeb7fa0986aa5414c8e
- SHA512: 27686708b200903b974be0d1f8d022dac77c0b3550995c361696b1a0256f653ea4de1566b20b579a4eb33cec4990d3b99735a9a1447e1d149d7859e3bf1c103c
- SSDEEP: 12288:YYF0k656o6B6+6+6+6+6J6p6P6u6O696n6+6S6K65636X6t6u6w6+6p6F6+6+6K8:p
Static task: static1
Behavioral task: behavioral1
- Sample: cantlose.vbs
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: cantlose.vbs
- Resource: win10v2004-20230221-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.solucionesmexico.mx
- Port: 21
- Username: [email protected]
- Password: dGG^ZYIxX5!B
Targets
- Target: cantlose.vbs
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext