General
Target: DOC.ppt
Size: 141KB
Sample: 210224-7kgpgmpxea
MD5: 53f09cdb89620ee0d02c006d5bdf758f
SHA1: caf1ff6f5563d23eac7c547f2309c0608ae3029f
SHA256: a9194b2dc593c73598cc95b3b1aad400910f48225e527dc61159300be44651ca
SHA512: 60374ee268f24ce193c860caf5ccf779a94388f44923bf2ecd5ba3273dfe937c4d8f960cdd906f56eccd39a81623636a2b07c22f116de8f1ee48cbe5f89b8a94
Static task: static1
Behavioral task: behavioral1
  Sample: DOC.ppt
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: DOC.ppt
  Resource: win10v20201028
Malware Config
Targets
Target: DOC.ppt, 141KB (MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- AgentTesla Payload
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious use of SetThreadContext