General
Target: 16210869862.zip
Size: 17KB
Sample: 240327-xm1z4aaa56
MD5: 76bcec4047124ebde7d6fd726437ec4f
SHA1: 50181c58d4e7ee49da73b16538c10c49ad47bd57
SHA256: 451a0de15470d3acfe3e3d546462ac55676d806336d3452ac1bc7ffe6f47cfd4
SHA512: 4b6608bc32fdfc608f5b8ef3f4e5cb4a68388db993801bcda2d7153d6e0f036c82c0d71b184852e50cbcddfef6b39b78c7f98896ad27e1bd15c7caf62fab17f8
SSDEEP: 384:xjCDf2oXTXrOW3fzi6GJ22xOeNLKJnsoKlUoRoB1N7pToPuEfnnM4qFWw:xjCDflXfXfzwN2JsTRy1Nm9nnVw
Static task: static1
Behavioral task: behavioral1
Sample: Richiesta di preventivo_RFQ20242703_pdf.vbs
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Richiesta di preventivo_RFQ20242703_pdf.vbs
Resource: win10v2004-20240319-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tecniseal.es
Port: 587
Username: esther.lopez@tecniseal.es
Password: 12348*tecniseal
Email To: officialspace6@gmail.com
Targets
Target: Richiesta di preventivo_RFQ20242703_pdf.vbs
Size: 38KB
MD5: 883530fd75a356dad534bdb7aa39e947
SHA1: 2f7cd81fb69b269273068bc97a012216f67e35d0
SHA256: 5212ef58efb4b855a2aaf4bbaf81a4912810982631e2afaf246963fea954fe64
SHA512: 53d804000f64091fd407747262d011c5d73d892be9cf137d1466bd4150bebb0851fdc11e6937163e845ec3cb7e6929e10e8601833d20fa75e126dbf1a2f46362
SSDEEP: 768:u0ygBLXWAZGc8NnKwiQ6x/dSNQT1AOBG/m:Z3qNnKwKLTBB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext