General
-
Target
STS_Bunker_00617.vbs
-
Size
92KB
-
Sample
240618-lkxn4sxfqf
-
MD5
dfe2a23100ac3263583e69f48e9b32e6
-
SHA1
20087641aba69eaaaef0f87a7d21edd8a255db60
-
SHA256
9aa64f43d090ff657848da74a0c2ea1f3211fa1d88ac3fa603e65d724360a957
-
SHA512
48b5bf8605415ead17d375adc9613b73f8e3f80132086f2a3ef11df7684e1d43ad4f97aee65967986a9964d81edcd7043d7faaf720fcd1f73052411d43153038
-
SSDEEP
1536:V01/LsA0DnkdzhX7RXaSMmr2rFHxsASgxWxCwhrdM5eW8VLOExkzL:V09LB0DnWzhX7RXaSMxhxsAhWEwhrdMh
Static task
static1
Behavioral task
behavioral1
Sample
STS_Bunker_00617.vbs
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
STS_Bunker_00617.vbs
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp - Port: 587 - Username: [email protected]
Targets
-
Target
STS_Bunker_00617.vbs
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer whose builds are written in Visual Basic .NET and C#. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or Telegram; the configuration extracted from this sample uses SMTP submission on port 587.
-
Blocklisted process makes network request
A process on the sandbox's blocklist of script interpreters and other living-off-the-land binaries (for a .vbs sample, the Windows Script Host) initiated an outbound connection.
-
Legitimate hosting services abused for malware hosting/C2
The payload or its command-and-control traffic is hosted on a legitimate service, so reputation of the destination domain alone will not flag it; correlate on the requesting process instead.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes this address in its exfiltrated reports; the lookup itself is benign traffic, so the signal is which process performs it.
-
Suspicious use of NtCreateThreadExHideFromDebugger
Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER so an attached debugger receives no events for it (anti-analysis).
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, detaching the calling thread from debugger notifications; breakpoints hit in that thread are not reported.
-
Suspicious use of SetThreadContext
Rewrites another thread's register state, commonly to redirect a suspended process's entry point into injected code (process hollowing or thread hijacking).
-
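The two network behaviours above (external IP lookup, then SMTP exfiltration to the configured mail server) are the pattern a detection engineer would want to catch from endpoint telemetry. The following is an added example written for this page, not code from the sandbox or from the malware; it runs over constructed Sysmon Event ID 3 (NetworkConnect) records in JSON-lines form. The hostnames, IPs and process IDs in the sample events are placeholders, and the list of IP-lookup hosts is an illustrative assumption to tune against your own telemetry.

```python
"""Detection sketch for Agent Tesla-style exfiltration: a script host that
looks up its public IP and then speaks SMTP. Added example, not sandbox code."""
import json
from collections import defaultdict

# Process images that normally have no business speaking SMTP.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "regsvr32.exe", "rundll32.exe"}
SMTP_PORTS = {25, 465, 587}
# Assumption: illustrative public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com",
                   "icanhazip.com", "ifconfig.me"}

# Constructed sample telemetry shaped like Sysmon Event ID 3 exported as JSON lines.
# Hostnames, IPs and PIDs are placeholders, not values from the report.
SAMPLE_EVENTS = [
    r'{"EventID":3,"ProcessId":4120,"Image":"C:\\Windows\\System32\\wscript.exe","DestinationHostname":"api.ipify.org","DestinationIp":"198.51.100.7","DestinationPort":443}',
    r'{"EventID":3,"ProcessId":4120,"Image":"C:\\Windows\\System32\\wscript.exe","DestinationHostname":"mail.example.net","DestinationIp":"203.0.113.25","DestinationPort":587}',
    r'{"EventID":3,"ProcessId":2200,"Image":"C:\\Program Files\\Outlook\\OUTLOOK.EXE","DestinationHostname":"mail.example.com","DestinationIp":"203.0.113.40","DestinationPort":587}',
    r'{"EventID":3,"ProcessId":3311,"Image":"C:\\Program Files\\Chrome\\chrome.exe","DestinationHostname":"www.example.com","DestinationIp":"198.51.100.9","DestinationPort":443}',
    r'{"EventID":3,"ProcessId":5016,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","DestinationHostname":"","DestinationIp":"203.0.113.88","DestinationPort":25}',
]


def parse_events(lines):
    """Yield network-connection events as dicts; malformed lines are skipped."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("EventID") == 3:
            yield ev


def image_name(ev):
    """Lower-cased executable name from a full Windows image path."""
    return ev.get("Image", "").rsplit("\\", 1)[-1].lower()


def per_event_findings(events):
    """Return (pid, image, rule) triples for each suspicious connection."""
    findings = []
    for ev in events:
        img = image_name(ev)
        pid = ev.get("ProcessId")
        host = ev.get("DestinationHostname", "").lower()
        port = ev.get("DestinationPort")
        if host in IP_LOOKUP_HOSTS:
            findings.append((pid, img, "external_ip_lookup"))
        # A mail client on 587 is normal; a script interpreter on 25/465/587 is not.
        if port in SMTP_PORTS and img in SCRIPT_HOSTS:
            findings.append((pid, img, "script_host_smtp"))
    return findings


def correlate(findings):
    """Collapse rule hits per process. A process that both looks up its public IP
    and speaks SMTP matches the exfiltration pattern in this report (high)."""
    by_pid = defaultdict(set)
    image = {}
    for pid, img, rule in findings:
        by_pid[pid].add(rule)
        image[pid] = img
    alerts = []
    for pid, rules in sorted(by_pid.items()):
        both = {"external_ip_lookup", "script_host_smtp"} <= rules
        alerts.append({"pid": pid, "image": image[pid],
                       "rules": sorted(rules),
                       "severity": "high" if both else "medium"})
    return alerts


def run(lines=SAMPLE_EVENTS):
    """Full pipeline: parse, per-event rules, per-process correlation."""
    return correlate(per_event_findings(parse_events(lines)))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the constructed events only the wscript.exe process (IP lookup plus SMTP) is raised as high; the PowerShell connection to port 25 is medium on its own, and the mail client and browser are not flagged. Keying the IP-lookup rule on the requesting process rather than the destination is what keeps it useful, since the lookup service itself is legitimate traffic.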