General
Target: Files & Specifications Attached.doc
Size: 375KB
Sample: 210304-efffyt7p4s
MD5:
494bc5dfb57dfa2e10e08b0be7bf60fd
SHA1:
d46d1466f4b0a2bb3a1776f576bb04fdb2d35c53
SHA256:
bc9028296e79ac08c8116043a41d163268e9830fb7ed9c240fb3211409122ff4
SHA512:
58d77eac1ff57dd7ab6f024c871bfe3cef89650758d48f2fb79e3e6ca6f0fa3dcdea369884a4aba8cd62090a1172a8b31c5ff410350794337add8f316b7ff969
Static task: static1
Behavioral task: behavioral1
  Sample: Files & Specifications Attached.doc
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Files & Specifications Attached.doc
  Resource: win10v20201028
Malware Config
Extracted: https://bit.ly/3c2LC4W
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.curidesigner.com/
Port: 21
Username: dod@curidesigner.com
Password: boygirl123456
Targets
Target: Files & Specifications Attached.doc (375KB; hashes as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
AgentTesla Payload
Blocklisted process makes network request
Executes dropped EXE
Suspicious use of SetThreadContext