General
- Target: c7f2358c6d043c69480de7d6bcffb1fc6c6467e21e5b3be0c84b6274d03ba284.vbs
- Size: 491KB
- Sample: 241002-d1ybksvekp
- MD5: 8619103fa6e661049111f4bbdd7fe0d2
- SHA1: ca586ed66ab95510af2af9fb380575e885f3c6eb
- SHA256: c7f2358c6d043c69480de7d6bcffb1fc6c6467e21e5b3be0c84b6274d03ba284
- SHA512: d649b396c6e3dcb8fa0517a9a157a17f8842e9c0899510ced40c04d557b3d3ea0dbd70a1236fff519ebbe9ea9c64426cbc8ae048b98995e51c501eed48896d2b
- SSDEEP: 12288:NNjXVkBaQoLDBqKKcoXOZzIWPkETDuQnL3Qu5toTmP18cEuL9M7y8q8+01SB0WKg:y4cUteD9aS4Bh
Static task: static1
Behavioral task: behavioral1
- Sample: c7f2358c6d043c69480de7d6bcffb1fc6c6467e21e5b3be0c84b6274d03ba284.vbs
- Resource: win7-20240903-en
Malware Config
Extracted
- https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dai-logistic.co.id
- Port: 587
- Username: [email protected]
- Password: domestic1234
- Email To: [email protected]
Targets
- Target: c7f2358c6d043c69480de7d6bcffb1fc6c6467e21e5b3be0c84b6274d03ba284.vbs
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext