General
- Target: 8e3bfa477e8e07147e1c3c8f7e2f14abf171b8e1304168a41b94e7e87648297b
- Size: 13KB
- Sample: 240427-bvzlcagb54
- MD5: 171a89d49988dc370e4c0bad78cdc1e8
- SHA1: 6139178c069b80b2842b9ce3629f5b035a850eb0
- SHA256: 8e3bfa477e8e07147e1c3c8f7e2f14abf171b8e1304168a41b94e7e87648297b
- SHA512: dacd5530091642febd93803f8662d37071591595e082b338d557610a9c9a3743fcde6bef59de10df73e6751518d22ca3372403ebfd20c058823c8f0dd2309f8d
- SSDEEP: 384:o9iHTpV8O9g9o/pEI1Gd+mcYG12E3PJpAH+YSROhVpPgRDVNjb9vddlofO:dVnGK/pdGgfYG0E3PJpfLKVA5xddlP
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 8e3bfa477e8e07147e1c3c8f7e2f14abf171b8e1304168a41b94e7e87648297b.vbs
  - Resource: win7-20240215-en

Behavioral task
- behavioral2
  - Sample: 8e3bfa477e8e07147e1c3c8f7e2f14abf171b8e1304168a41b94e7e87648297b.vbs
  - Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.controlfire.com.mx
- Port: 587
- Username: [email protected]
- Password: [;E4nNUMlscW
- Email To: [email protected]
Targets
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext