General

  • Target

    Richiesta dofferta _2345_2024395_PDF.vbe

  • Size

    162KB

  • Sample

    240323-jjnnpsef83

  • MD5

    1fa5215dc1d5310ba94031ac7c55ae48

  • SHA1

    42b2fcaa68d0218e1be00e837caffe193b45f193

  • SHA256

    5ea48e4d8b029fbe61cd7bd7045fde09ac93e2760bfc7af726be1786f541141b

  • SHA512

    6a44ad5d5f6ce83bf69d77055b8445ce2c0720f968dd81c5f0ce53ea0b122aa818f7417d6fb610883cb0890d17a857c5e46f6fe7e7cc49d297521393f3b74e48

  • SSDEEP

    3072:s74yENVBkYr4LhpVXpKnupn8kH3DPbkhZi3eNR2EOGqJd0W5jpBfMgGuZ81uxk:s74yENVOY0NpVXpK68kH3DPbkhZi3eN/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Richiesta dofferta _2345_2024395_PDF.vbe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks