General
Target: Stentmaster.vbs
Size: 38KB
Sample: 240327-hqx1aahh8v
MD5: 613702fe5cd92cf1be6aee56add6c9ec
SHA1: 99ecdbd2acfe1da9de01679f97d1f48e96af8929
SHA256: 26e21e671b5aaad789b9b55783987f6654adc120c8f70c6ccecc39c349eecbe1
SHA512: c9eda14f03f6e94659494ea255c43b3dd4a334cb1070a1599a14dea2a30fd880115427a9a4058da0f1e78adfd889c8469c9e1d52cf2213cd4057a705d1f0bc5e
SSDEEP: 768:u0LgBYRBVWAZGc8NnKwiQD2g+Q8z3SsJb:w6qNnKw6zz35
Static task: static1
Behavioral task: behavioral1 (Sample: Stentmaster.vbs; Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: Stentmaster.vbs; Resource: win10v2004-20240319-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: cp8nl.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#
Email To: [email protected]
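The extracted SMTP configuration is the part of this report a SOC turns into a detection: the stealer does not talk to a custom C2 protocol, it authenticates to an ordinary mail server on port 587 and sends the stolen data as e-mail. The Python below is an added example, not part of the sandbox report. It parses the flattened "key: value- Next key:" config text exactly as it appears on this page, then joins constructed Zeek dns.log and smtp.log records to find sessions from an internal host to whatever address the configured mail host resolved to, on the configured port. The log records, the internal 10.0.0.x hosts and the 203.0.113.10 / 198.51.100.5 answers are constructed (documentation ranges); the report gives no resolution for cp8nl.hyperhost.ua, and the two e-mail addresses are kept in their redacted form.

```python
import json
from typing import Dict, List, Set

# Flattened "Malware Config" text copied from the report page. The e-mail
# addresses are redacted on the page and are left redacted here.
RAW_CONFIG = """Protocol: smtp- Host:
cp8nl.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@# - Email To:
[email protected]"""

# Field order as the sandbox prints it; used to slice one value from the next.
FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")


def parse_agenttesla_config(raw: str) -> Dict[str, str]:
    """Recover key/value pairs from the flattened 'key: value- Next key:' layout.

    Values are delimited by the following key label, then the stray ' -'
    separator the page extraction left behind is stripped. (A password that
    itself ends in '-' would lose that character; the page does not show one.)
    """
    text = " ".join(line.strip() for line in raw.splitlines())
    result: Dict[str, str] = {}
    for i, key in enumerate(FIELDS):
        start = text.index(key + ":") + len(key) + 1
        end = text.index(FIELDS[i + 1] + ":", start) if i + 1 < len(FIELDS) else len(text)
        value = text[start:end].strip().rstrip("-").strip()
        result[key.lower().replace(" ", "_")] = value
    return result


# Constructed Zeek dns.log / smtp.log records as JSON lines (not from the sandbox).
# 203.0.113.10 stands in for whatever cp8nl.hyperhost.ua actually resolves to.
DNS_LOG = [
    '{"ts":1711530000.1,"id.orig_h":"10.0.0.7","query":"cp8nl.hyperhost.ua","answers":["203.0.113.10"]}',
    '{"ts":1711530001.2,"id.orig_h":"10.0.0.7","query":"update.example.net","answers":["198.51.100.5"]}',
]
SMTP_LOG = [
    # host 10.0.0.7 -> the resolved exfil server on the configured port: should match
    '{"ts":1711530002.5,"uid":"CxA1","id.orig_h":"10.0.0.7","id.resp_h":"203.0.113.10","id.resp_p":587,"helo":"DESKTOP-1","tls":true}',
    # same host, unrelated mail server: should not match
    '{"ts":1711530003.0,"uid":"CxA2","id.orig_h":"10.0.0.7","id.resp_h":"198.51.100.5","id.resp_p":587,"helo":"DESKTOP-1","tls":true}',
    # exfil server IP but port 25 (shared hosting also serves legitimate mail): not matched
    '{"ts":1711530004.0,"uid":"CxA3","id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.10","id.resp_p":25,"helo":"mailgw","tls":false}',
]


def resolve_c2_addresses(config: Dict[str, str], dns_lines: List[str]) -> Set[str]:
    """Collect every IP the configured exfil host resolved to in dns.log."""
    addrs: Set[str] = set()
    for line in dns_lines:
        rec = json.loads(line)
        if rec.get("query", "").lower() == config["host"].lower():
            addrs.update(rec.get("answers", []))
    return addrs


def find_exfil_sessions(config: Dict[str, str], dns_lines: List[str],
                        smtp_lines: List[str]) -> List[dict]:
    """Return smtp.log sessions to the configured host on the configured port.

    Matching on the resolved address and port together avoids flagging other
    tenants' mail on the same shared hosting IP (the host is a hyperhost.ua
    shared mail server, so IP alone is a weak indicator).
    """
    c2 = resolve_c2_addresses(config, dns_lines)
    port = int(config["port"])
    hits = []
    for line in smtp_lines:
        rec = json.loads(line)
        if rec.get("id.resp_h") in c2 and rec.get("id.resp_p") == port:
            hits.append({"uid": rec["uid"], "src": rec["id.orig_h"],
                         "dst": rec["id.resp_h"], "ts": rec["ts"]})
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    print(cfg)
    for hit in find_exfil_sessions(cfg, DNS_LOG, SMTP_LOG):
        print("possible AgentTesla SMTP exfil:", hit)
```

In a real deployment the DNS join should be bounded in time (the answer set a few minutes before the SMTP session), and the username from the config can be matched against Zeek's `mailfrom` field once the redaction is lifted; the redacted addresses on this page make that field unusable as written.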
Targets
Target: Stentmaster.vbs
Size: 38KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); the extracted configuration above shows it exfiltrating over SMTP rather than to a dedicated C2 server.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence that keeps the payload from running in excluded regions.
- Legitimate hosting services abused for malware hosting/C2: the exfiltration endpoint is a mailbox on a commercial hosting provider (cp8nl.hyperhost.ua), so blocking the IP alone risks collateral damage to other tenants.
- Suspicious use of NtCreateThreadExHideFromDebugger: threads created hidden from an attached debugger, an anti-analysis technique.
- Suspicious use of NtSetInformationThreadHideFromDebugger: an existing thread is hidden from the debugger after creation.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way injected code is started, as in process hollowing.