General
- Target: 1c31b45b07f429dd0296160da45db469a64a7e2661fd8488971519d1afa88b0f.vbs
- Size: 12KB
- Sample: 240511-kh21dahc9y
- MD5: 4839467492ca995ede8598aa0e632fee
- SHA1: 62526100aad9d085f45bc53610706c91ec81e2f4
- SHA256: 1c31b45b07f429dd0296160da45db469a64a7e2661fd8488971519d1afa88b0f
- SHA512: 5d7adf42fb2425f913ea2cd71ad13d1494fc388abe6fdf83eeab165c2dd1a3808fd109d1f4c5a44c35d87e90c8c56acbb66b06032b12764734f3cae001267dc2
- SSDEEP: 384:OIFZH8FVo/CUC0y4Qomzd+m8BGSKx3PUpbH+jyRR2VpPgR0VN+bExJ7xx1Ma:WVW3by4izgXBGFx3PUpK+2VhIAd
- Static task: static1
- Behavioral task: behavioral1
- Sample: 1c31b45b07f429dd0296160da45db469a64a7e2661fd8488971519d1afa88b0f.vbs
- Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.folder.ro
- Port: 21
- Username: [email protected]
- Password: R2r76%(3v^H0
Targets
- Target: 1c31b45b07f429dd0296160da45db469a64a7e2661fd8488971519d1afa88b0f.vbs
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext