General
Target: Richiesta di preventivo_RFQ03272024_pdf.vbs
Size: 38KB
Sample: 240328-h1jkmsfc2y
MD5: 8a0530bfc9d13277e0e17d29a3332e2f
SHA1: f4b0e3d14f828966aa757efa565e7e9b718b128b
SHA256: 57bda585ab46e7352a204f54d86544ff5581a1ea7448d4ef1f82b1f9b2367867
SHA512: 2d7781310c52b0a50bae3694ba09eb876b7710972417292c655e8808d44672ef2a6c2639d30f0bcec4bcf46ceae8690b2e545c4db8456594694e5d01579bf0c1
SSDEEP: 768:u0mgBX0WAZGc8NnKwiQH5TjBXloK07vxCqnkP:9EqNnKwf5R1oK07JCqnw
Static task: static1
Behavioral task: behavioral1
Sample: Richiesta di preventivo_RFQ03272024_pdf.vbs
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: Richiesta di preventivo_RFQ03272024_pdf.vbs
Resource: win10v2004-20240226-en
Malware Config
Extracted
Protocol: smtp
Host: mail.inkomech.com
Port: 587
Username: amir.hussin@inkomech.com
Password: Amir@2021
Extracted: agenttesla
Protocol: smtp
Host: mail.inkomech.com
Port: 587
Username: amir.hussin@inkomech.com
Password: Amir@2021
Email To: kingpentecost22@gmail.com
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext