General
Target: ef670fb4793463bc81ae7f07fc809bab0962fec614a3fef3bc779a4a382c2eae.vbe
Size: 10KB
Sample: 241112-dl14xstdqd
MD5: 254471760724bb645f41689c3bdc6dac
SHA1: ceda7f23ac91b4af194c758b3c6e5b9100766da4
SHA256: ef670fb4793463bc81ae7f07fc809bab0962fec614a3fef3bc779a4a382c2eae
SHA512: f18fad6ae29adb4fca5b4b1a3d525062f955bc94ec89d4d913e6b0d802838ed428ecfdc42c18ae8950814889d0636bb47598236163e2a138dea8062431a04867
SSDEEP: 192:7QiwcCrwQiaIf536yhD1uFyQ3NvR13N1QZd9N0FK:2c+wQhQ53ZD8Fj3tRVN1M/NF
Static task: static1
Behavioral task: behavioral1
Sample: ef670fb4793463bc81ae7f07fc809bab0962fec614a3fef3bc779a4a382c2eae.vbe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: 162.254.34.31
Port: 587
Username: [email protected]
Password: M992uew1mw6Z
Email To: [email protected]
Targets
Target: ef670fb4793463bc81ae7f07fc809bab0962fec614a3fef3bc779a4a382c2eae.vbe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext