General
Target: Zapytanie ofertowe (7427-23 ROCKFIN).vbs
Size: 7KB
Sample: 240424-fdzbgafa94
MD5: 3a6ac16d9bc107b14e4caa9b7ad08756
SHA1: d6c6f6d4843ef83e2c4e3344060aca80b032eb43
SHA256: 02b7361eeb75b842d6b7ade09f042879d501e50bc07a8d4edcfc04b7d728b0e7
SHA512: e0003c51e42c3ac764c6114692b1ee155c424e046cd3ba6f3a151bfb58eaccbc347f1cc0e9d3f0c90a6e350047056c38f79926fc716cab84b735533d64dd41ba
SSDEEP: 96:+AwU3ey01WrZ9NnWh04lLchxcxaBKXaxcKicGeOuBhsempL92U9xsSwFABSCpu4P:+nWeRsrZXHOgpc3TfsjAQHBUBD
Static task: static1
Behavioral task: behavioral1
Sample: Zapytanie ofertowe (7427-23 ROCKFIN).vbs
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: Zapytanie ofertowe (7427-23 ROCKFIN).vbs
Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cash4cars.nz
Port: 587
Username: [email protected]
Password: logs2024!
Email To: [email protected]
Targets
Target: Zapytanie ofertowe (7427-23 ROCKFIN).vbs (7KB; hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext