General
- Target: ORA_162067_2024_1_440_22032024.vbs
- Size: 164KB
- Sample: 240323-jjnnpsef84
- MD5: 1942c2739a25b0b6cc0e08e9a0ef5c83
- SHA1: 81cc4205e580df053bfd4bea67d6ed35e2ac1393
- SHA256: a1ab61b969fadce4fef1a62bd1def3b12aef1371aec18acdc6992a5419be2362
- SHA512: 30642da85f173fa7f4a636b009d25d53af4b5719bfe85af96e49c565aed425f0d6099cc1ae5c74e043e4af78b118ef209538249dc18012ff9c6174682200d823
- SSDEEP: 3072:sOi4yENVBkYr4LhpVXpKnupn8kH3DPbkhZi3eNRna6ODj2zADY8Hhg7mM+bVa3y:sH4yENVOY0NpVXpK68kH3DPbkhZi3eNQ
Static task: static1
Behavioral task: behavioral1
- Sample: ORA_162067_2024_1_440_22032024.vbs
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ORA_162067_2024_1_440_22032024.vbs
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.ceviamonte.com.ar
- Port: 587
- Username: [email protected]
- Password: josetony
Extracted: agenttesla
- Protocol: smtp
- Host: mail.ceviamonte.com.ar
- Port: 587
- Username: [email protected]
- Password: josetony
- Email To: [email protected]
Targets
- Target: ORA_162067_2024_1_440_22032024.vbs
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext