General
-
Target
Invoice.pdf.lnk
-
Size
2KB
-
Sample
231201-qthc1aab61
-
MD5
66f5251fe4fc349f298c82e8202240ac
-
SHA1
b1e901e269720b9907ec05850300b61c18053795
-
SHA256
dd6426a7b0c6af78d31e3868b60fa4311e16094e27b553978505a95e93eca22a
-
SHA512
0187a44d7f7b9f9d1cbb62c7a41fbc2dfd66da31d3d144fb85cb54d290fac602fe85103d2e739287ccd1ef759b1f55a55f3c8de91dbee4f3a61e5cf4f387b9f3
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.pdf.lnk
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Invoice.pdf.lnk
Resource
win10v2004-20231127-en
Malware Config
Extracted
https://uploaddeimagens.com.br/images/004/674/364/original/vbsss.jpg?1700999331
https://uploaddeimagens.com.br/images/004/674/364/original/vbsss.jpg?1700999331
Extracted
agenttesla
https://api.telegram.org/bot6524734704:AAGq3YLDL6NzQcuHVLGgk3AVoRXLAEs79Dc/
Targets
-
-
Target
Invoice.pdf.lnk
-
Size
2KB
-
MD5
66f5251fe4fc349f298c82e8202240ac
-
SHA1
b1e901e269720b9907ec05850300b61c18053795
-
SHA256
dd6426a7b0c6af78d31e3868b60fa4311e16094e27b553978505a95e93eca22a
-
SHA512
0187a44d7f7b9f9d1cbb62c7a41fbc2dfd66da31d3d144fb85cb54d290fac602fe85103d2e739287ccd1ef759b1f55a55f3c8de91dbee4f3a61e5cf4f387b9f3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-