A Tale of Two Dropper Scripts for Agent Tesla
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Scripting - T1064 Scripting |
Common Information
Type | Value |
---|---|
UUID | d3122b61-4896-4f1a-900d-009340eeaf54 |
Fingerprint | b042b932ef8ee3f6 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Jan. 3, 2022, midnight |
Added to db | Sept. 26, 2022, 9:34 a.m. |
Last updated | Nov. 17, 2024, 6:54 p.m. |
Headline | A Tale of Two Dropper Scripts for Agent Tesla |
Title | A Tale of Two Dropper Scripts for Agent Tesla |
Detected Hints/Tags/Attributes | 29/2/22 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://forensicitguy.github.io/a-tale-of-two-dropper-scripts/ |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 93 | bazaar.abuse.ch |
|
Details | Domain | 372 | wscript.shell |
|
Details | Domain | 1 | mudanzasdistintas.com.ar |
|
Details | Domain | 75 | tria.ge |
|
Details | Domain | 74 | adodb.stream |
|
Details | Domain | 1 | sea.open |
|
Details | Domain | 1 | helper.run |
|
Details | File | 5 | rt.exe |
|
Details | File | 7 | 'msxml2.xml |
|
Details | File | 1 | td.exe |
|
Details | File | 41 | msxml2.xml |
|
Details | File | 1 | documentos.js |
|
Details | File | 376 | wscript.exe |
|
Details | File | 1 | medo.dat |
|
Details | File | 1 | anyname.exe |
|
Details | File | 1 | tgftr.vbs |
|
Details | File | 1 | mal.bin |
|
Details | sha256 | 1 | 46dd53f3096877a4cad89b77f2d23018d8bc5887a9c0d699cb43ffe9d0b5e29d |
|
Details | sha256 | 1 | ac0517947c0be7baad44fb8f054215c00ada03bb61772bab9eb52e48a9c3a097 |
|
Details | Url | 1 | https://bazaar.abuse.ch/sample/46dd53f3096877a4cad89b77f2d23018d8bc5887a9c0d699cb43ffe9d0b5e29d |
|
Details | Url | 1 | https://bazaar.abuse.ch/sample/ac0517947c0be7baad44fb8f054215c00ada03bb61772bab9eb52e48a9c3a097 |
|
Details | Url | 1 | http://mudanzasdistintas.com.ar/vvt/td.exe |