General

  • Target

    orden de compra.vbs

  • Size

    4KB

  • Sample

    240424-fdebasfa85

  • MD5

    a9adf46657f51b2156df15d0205b2b68

  • SHA1

    267f6ce51db2758acbbfa7e5889924675d6e82c9

  • SHA256

    dbf832467044f498c73a6c65ed31c2aee84c8e6e90c2017524fe3a7e7b6f7205

  • SHA512

    5250487d7355a291fa615a52be4e7cef94cfb4b045c49a2e37ea854477e3a78fa0e6dc3478304d726dbe0e41ffbab18b921d47e4ae9202cb28105555c44553e9

  • SSDEEP

    96:hQeuIznFaoXeHjbAKxfMpHSpQnn8ftGZ2k7:L5cs8i2k7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.horeca-bucuresti.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    H*TE9iL;x61m

Targets

    • Target

      orden de compra.vbs


    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and exfiltrates the results over SMTP, FTP or HTTP; the FTP credentials above are this sample's exfiltration channel. Here it is delivered by a VBScript dropper named "orden de compra.vbs" (Spanish for "purchase order"), a typical invoice-themed lure.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of script hosts and living-off-the-land binaries reached the network. A .vbs is run by the Windows Script Host (wscript.exe or cscript.exe) by default, so for this sample that is most likely the script host itself fetching or staging the next stage.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (abort on locales the operator does not want to infect).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the hallmark of process hollowing: a child is created suspended, the payload is written into it, the thread's instruction pointer is redirected to the injected code and the thread is resumed, so the stealer runs under a legitimate-looking image name.
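
Turning the signatures and the extracted FTP config above into host-side detection logic, as an added example that is not part of this report or of Triage's own signature engine: constructed Sysmon-style events are run through one detector per signature and scored, and a constructed FTP control-channel transcript is checked for a login with the extracted password followed by an upload. The event field names, the external-IP service hostnames, the Geo\Nation registry path and the use of a full-access ProcessAccess event as a stand-in for SetThreadContext are assumptions made for the example.

```python
"""Behaviour-chain detection for this report's signatures and extracted C2.
Added example, not Triage output. Event shape, IP-lookup hostnames, the
Geo\\Nation path and the ProcessAccess hollowing proxy are assumptions."""
import re
from dataclasses import dataclass

# Extracted C2 config from the report (the username is redacted on the page).
C2_HOST = "ftp.horeca-bucuresti.ro"
C2_PORT = 21
C2_PASSWORD = "H*TE9iL;x61m"

# Script hosts / LOLBins flagged when they reach the network (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# External-IP services commonly queried by stealers (assumption).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com"}
# Where Windows keeps the user's configured country code (assumption).
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
# Sysmon EID 10 GrantedAccess with every right set, a common hollowing proxy (assumption).
FULL_ACCESS = 0x1FFFFF


def _base(image: str) -> str:
    """Lower-cased file name of an image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def script_host_network(ev: dict) -> bool:
    """Signature: blocklisted process makes network request (EID 3)."""
    return ev["id"] == 3 and _base(ev.get("image", "")) in SCRIPT_HOSTS


def geofence_check(ev: dict) -> bool:
    """Signature: checks computer location settings (EID 12/13 on Geo\\Nation)."""
    return ev["id"] in (12, 13) and bool(GEO_KEY_RE.search(ev.get("target", "")))


def external_ip_lookup(ev: dict) -> bool:
    """Signature: looks up external IP via web service (EID 22 DNS or EID 3 connect)."""
    host = (ev.get("dst_host") or ev.get("query") or "").lower()
    return ev["id"] in (3, 22) and host in IP_LOOKUP_HOSTS


def c2_contact(ev: dict) -> bool:
    """Config-derived indicator: connection to the extracted FTP host and port."""
    return (ev["id"] == 3 and ev.get("dst_host", "").lower() == C2_HOST
            and ev.get("dst_port") == C2_PORT)


def hollowing_proxy(ev: dict) -> bool:
    """Signature: suspicious SetThreadContext, approximated by a script host
    opening another process with full access (EID 10)."""
    return (ev["id"] == 10 and ev.get("granted_access") == FULL_ACCESS
            and _base(ev.get("image", "")) in SCRIPT_HOSTS)


DETECTORS = {
    "script_host_network": script_host_network,
    "geofence_check": geofence_check,
    "external_ip_lookup": external_ip_lookup,
    "c2_contact": c2_contact,
    "hollowing_proxy": hollowing_proxy,
}


@dataclass(frozen=True)
class Verdict:
    hits: tuple
    score: int
    malicious: bool


def detect(events: list) -> Verdict:
    """Run every detector over the stream; each fires at most once.
    C2 contact is weighted extra because it is a config-derived indicator."""
    hits = []
    for ev in events:
        for name, fn in DETECTORS.items():
            if name not in hits and fn(ev):
                hits.append(name)
    score = 20 * len(hits) + (40 if "c2_contact" in hits else 0)
    return Verdict(tuple(hits), score, score >= 60)


def ftp_uses_extracted_creds(transcript: str) -> bool:
    """True when an FTP control-channel transcript logs in with the extracted
    password and then uploads a file (STOR), i.e. exfiltration to this C2."""
    lines = [ln.strip() for ln in transcript.splitlines()]
    logged_in = f"PASS {C2_PASSWORD}" in lines
    uploaded = any(ln.upper().startswith("STOR ") for ln in lines)
    return logged_in and uploaded


# Constructed events mirroring the report's signatures (not real telemetry).
WSH = r"C:\Windows\System32\wscript.exe"
SAMPLE_EVENTS = [
    {"id": 13, "image": WSH, "target": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"},
    {"id": 22, "image": WSH, "query": "api.ipify.org"},
    {"id": 3, "image": WSH, "dst_host": "api.ipify.org", "dst_port": 443},
    {"id": 10, "image": WSH, "target_image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "granted_access": 0x1FFFFF},
    {"id": 3, "image": WSH, "dst_host": C2_HOST, "dst_port": C2_PORT},
]
BENIGN_EVENTS = [
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dst_host": "example.com", "dst_port": 443},
    {"id": 13, "image": r"C:\Windows\explorer.exe", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]
# Constructed FTP control-channel transcript (client commands and server replies).
SAMPLE_FTP = """220 FTP server ready
USER <redacted>
331 Password required
PASS H*TE9iL;x61m
230 Login successful
STOR report.html
226 Transfer complete
"""
```

Sysmon does not log SetThreadContext itself, so the hollowing detector is only a proxy; on a real host pair it with a sandbox or EDR event that sees the API call. The username is redacted on this page, so the FTP check keys on the password and the STOR command only, and a sandbox-run sample should be matched on the hashes in the General section before this scoring is trusted.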

MITRE ATT&CK Enterprise v15