General
- Target: detalle_transferencia_2024-05-13T064143.173 0200_3049280002017526_PDF.vbs
- Size: 156KB
- Sample: 240515-l1q69scd28
- MD5: af4988727a30510d3be9d7404adaefa3
- SHA1: cd1f3c4379a535b47172a48b4aaecc63763ad253
- SHA256: db31131e1d0ee7cbad33e28f61c55867ade268fcbf780516f08565498ce6f527
- SHA512: 0e97a3324de0a7d4c07716f62e54bc6b5b1f66cbc8b72f76a99ac1c277a76be99e30ee04f28990bc901e520242df68d4c1df02bca7947cafdfba0dcd6110f4cf
- SSDEEP: 1536:X2yd99CObitCocEW1aJK66n5yhtW0/5JpWn4ctYg0BCbUZlu9gISsRL:GydI9JK6X/vc2g0BCcU
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: detalle_transferencia_2024-05-13T064143.173 0200_3049280002017526_PDF.vbs
  - Resource: win7-20240419-en
- Behavioral task: behavioral2
  - Sample: detalle_transferencia_2024-05-13T064143.173 0200_3049280002017526_PDF.vbs
  - Resource: win10v2004-20240426-en
Malware Config
- Extracted: agenttesla
  - Protocol: smtp
  - Host: mail.Privateemail.com
  - Port: 587
  - Username: [email protected]
  - Password: V8~vk=Wnsf,N
  - Email To: [email protected]
Targets
- Target: detalle_transferencia_2024-05-13T064143.173 0200_3049280002017526_PDF.vbs
- Size: 156KB
- MD5: af4988727a30510d3be9d7404adaefa3
- SHA1: cd1f3c4379a535b47172a48b4aaecc63763ad253
- SHA256: db31131e1d0ee7cbad33e28f61c55867ade268fcbf780516f08565498ce6f527
- SHA512: 0e97a3324de0a7d4c07716f62e54bc6b5b1f66cbc8b72f76a99ac1c277a76be99e30ee04f28990bc901e520242df68d4c1df02bca7947cafdfba0dcd6110f4cf
- SSDEEP: 1536:X2yd99CObitCocEW1aJK66n5yhtW0/5JpWn4ctYg0BCbUZlu9gISsRL:GydI9JK6X/vc2g0BCcU

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext