General
Target: Richiesta dofferta _2345_2024395_PDF.vbe
Size: 162KB
Sample: 240323-jjnnpsef83
MD5: 1fa5215dc1d5310ba94031ac7c55ae48
SHA1: 42b2fcaa68d0218e1be00e837caffe193b45f193
SHA256: 5ea48e4d8b029fbe61cd7bd7045fde09ac93e2760bfc7af726be1786f541141b
SHA512: 6a44ad5d5f6ce83bf69d77055b8445ce2c0720f968dd81c5f0ce53ea0b122aa818f7417d6fb610883cb0890d17a857c5e46f6fe7e7cc49d297521393f3b74e48
SSDEEP: 3072:s74yENVBkYr4LhpVXpKnupn8kH3DPbkhZi3eNR2EOGqJd0W5jpBfMgGuZ81uxk:s74yENVOY0NpVXpK68kH3DPbkhZi3eN/
Static task: static1
Behavioral task: behavioral1
Sample: Richiesta dofferta _2345_2024395_PDF.vbe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Richiesta dofferta _2345_2024395_PDF.vbe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.tecniseal.es
Port: 587
Username: [email protected]
Password: 12348*tecniseal
Email To: [email protected]
Targets
-
Target: Richiesta dofferta _2345_2024395_PDF.vbe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext