General
Target: e2eb2639ee439ad5cca4736f1cbc7eaf53871480cc92852ee6832b51c8e10b15.vbs
Size: 14KB
Sample: 240605-cxh7tacc85
MD5: 90515752d3c0c63e9d1ab4df85585923
SHA1: bafd7fc8f7f1286e43dbb9aec38d4659215581c7
SHA256: e2eb2639ee439ad5cca4736f1cbc7eaf53871480cc92852ee6832b51c8e10b15
SHA512: 7b954cdffaa1046ddf75a01ba95855f712b9d2e3e3f5f7c66fa56364c730aae76e4dd4d667113c7ef208a0177ced23466c77f02365d97c4453999da0d1f6179f
SSDEEP: 384:uca7f8sc8MNQEgDnSpmCJMhfJBPPx3IuoCI0:urf8P8xjsmoglPkz0
Static task: static1
Behavioral task: behavioral1
  Sample: e2eb2639ee439ad5cca4736f1cbc7eaf53871480cc92852ee6832b51c8e10b15.vbs
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: e2eb2639ee439ad5cca4736f1cbc7eaf53871480cc92852ee6832b51c8e10b15.vbs
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot2130601984:AAFbq9oRuTM0trTEQbxU_lfoBZ4A2S2DeD8/
Targets
Target: e2eb2639ee439ad5cca4736f1cbc7eaf53871480cc92852ee6832b51c8e10b15.vbs
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext