General
Target: Justificante de pago.rar
Size: 7KB
Sample: 241016-qykc6awcqp
MD5: c5be1f150ff562b8eda027dd10002891
SHA1: 505fc9f6760a4ec059d42937a67ee7e1eb8580eb
SHA256: 3c292fafa7804364bdbed423668c6a33adf8eaa0a51b10415a7327cf0bb46509
SHA512: f63c2c2eece95959f1e81c0213f04951ed2a7b8ad04e1a8c6e20da59383117305e6256310906a6a187b73f1949f320ed1a5ee4a8e2b0d593040ac98882ea1e93
SSDEEP: 192:X64ufD3yZJ/gXdhRJPlldnXtwjzvSXW+WPEZBP:X64w2ZxAdvt8aXW+IuF
Static task: static1
Behavioral task: behavioral1
Sample: Justificante de pago.vbs
Resource: win7-20240903-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: marcellinus360
Email To: [email protected]
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: marcellinus360
Targets
Target: Justificante de pago.vbs
Size: 14KB
MD5: 2b8ac25e95bfd001ab3918830e3871c1
SHA1: a2d4688503ac088ac5773ee11e23478efd368c22
SHA256: 10eeb719faf8e25b657be07a0d79e4d4d329adb11e61d63f7572fb03c21bdc62
SHA512: 9f52e477f43170d50662b3c462eadb72ee3219ba835e352a45b4a851e08071c527feb30af206fe54b01bfa3a8c999ce462e05072aa091890d81707429d77eb38
SSDEEP: 192:5Lmd4CdOuruUl1OgmEg5Rh7rMSTiuoXZ4caR/C3pQmkUOqiNESY8T1PHL:5yfzb1OTEg5Rh7rMMiXpAFCZeT1HL
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger