General

  • Target

    ORA_162067_2024_1_440_22032024.vbs

  • Size

    164KB

  • Sample

    240323-jjnnpsef84

  • MD5

    1942c2739a25b0b6cc0e08e9a0ef5c83

  • SHA1

    81cc4205e580df053bfd4bea67d6ed35e2ac1393

  • SHA256

    a1ab61b969fadce4fef1a62bd1def3b12aef1371aec18acdc6992a5419be2362

  • SHA512

    30642da85f173fa7f4a636b009d25d53af4b5719bfe85af96e49c565aed425f0d6099cc1ae5c74e043e4af78b118ef209538249dc18012ff9c6174682200d823

  • SSDEEP

    3072:sOi4yENVBkYr4LhpVXpKnupn8kH3DPbkhZi3eNRna6ODj2zADY8Hhg7mM+bVa3y:sH4yENVOY0NpVXpK68kH3DPbkhZi3eNQ

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ceviamonte.com.ar
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    josetony

Extracted

Family

agenttesla

Targets

    • Target

      ORA_162067_2024_1_440_22032024.vbs

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
