General
-
Target
DAIKIN AC SPAIN 2024.vbs
-
Size
8KB
-
Sample
240424-fdy1psfa9z
-
MD5
edf7ea5f8de604b0caabc49fd06365b5
-
SHA1
1f6a6566a718b05572ddd239fb4aae1a629c2046
-
SHA256
a1541e8095205c49f9943fa5bb38fb3601ea04e2bcaa2386b9d8850c677f924a
-
SHA512
386e45884f032585937046e658ed47f772646ba94767c081d411e7cf3621fa264dd94a3e1bd764057d22dc1024b4e9da14dc49f888228fc76d61959de66c7bb9
-
SSDEEP
192:lLhK5s4cl1zdInbInx+VV/rOc3R9uAB8uaWUFiSoN7Sx6TYgWnXSt7qpnwxbuzkj:lLhK5hQz2n0u/yAR9nBbaB+FCuYgWXO9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.jmfresh.sg - Port:
587 - Username:
[email protected] - Password:
[email protected] - Email To:
[email protected]
Targets
-
-
Target
DAIKIN AC SPAIN 2024.vbs
-
Size
8KB
-
MD5
edf7ea5f8de604b0caabc49fd06365b5
-
SHA1
1f6a6566a718b05572ddd239fb4aae1a629c2046
-
SHA256
a1541e8095205c49f9943fa5bb38fb3601ea04e2bcaa2386b9d8850c677f924a
-
SHA512
386e45884f032585937046e658ed47f772646ba94767c081d411e7cf3621fa264dd94a3e1bd764057d22dc1024b4e9da14dc49f888228fc76d61959de66c7bb9
-
SSDEEP
192:lLhK5s4cl1zdInbInx+VV/rOc3R9uAB8uaWUFiSoN7Sx6TYgWnXSt7qpnwxbuzkj:lLhK5hQz2n0u/yAR9nBbaB+FCuYgWXO9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-