General
- Target: Revised-RBG-180129940.xlsx
- Size: 402KB
- Sample: 210126-b84twq7z8x
- MD5: 9a21b20bf0f722b2cd46058cbfad5571
- SHA1: f359c45f331d5b159a1ae6ef80135f937bf32856
- SHA256: 7d1bd0f1e6c73ead87681243ebfc1576158807ae4d3448d39b1ee35db265b753
- SHA512: 8f350b572b864c5a2a96ad8306266e1cc6dfb7c3d81d18894dfdddda099a9d21a97b3aabaee41769693e862158f5282bc873d2f0e9bcfdea3be62a0b4e116328
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Revised-RBG-180129940.xlsx
  - Resource: win7v20201028
Behavioral task
- behavioral2
  - Sample: Revised-RBG-180129940.xlsx
  - Resource: win10v20201028
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.shreejilogistix.com
  - Port: 587
  - Username: [email protected]
  - Password: ZHNecv9PfHk2
Targets
- Target: Revised-RBG-180129940.xlsx
- Size: 402KB
- MD5: 9a21b20bf0f722b2cd46058cbfad5571
- SHA1: f359c45f331d5b159a1ae6ef80135f937bf32856
- SHA256: 7d1bd0f1e6c73ead87681243ebfc1576158807ae4d3448d39b1ee35db265b753
- SHA512: 8f350b572b864c5a2a96ad8306266e1cc6dfb7c3d81d18894dfdddda099a9d21a97b3aabaee41769693e862158f5282bc873d2f0e9bcfdea3be62a0b4e116328
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext