General
Target: sample.pps
Size: 276KB
Sample: 210304-fyr9v86476
MD5: dc7561a1b58b3bca63307ec9528efa3f
SHA1: cb188b649407fc4ed5ebe783d9bb4dc0e7657166
SHA256: f37d74514f1eac869f55ce9cd8916f5418191eb1a867a39bdfbc42bc88af0324
SHA512: b969966f8055058cab37c8b19d6f2c6e4164a7e8b36b911000b4c59e2ac64e2c2dff86e8d7810e775824175d743744857f2b9d3d7617bd80aa06764a115b42d8
Static task: static1
Behavioral task: behavioral1
  Sample: Slip Comfirmation 04032021.pps
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Slip Comfirmation 04032021.pps
  Resource: win10v20201028
Behavioral task: behavioral3
  Sample: scan copy of transfer 04032021.ppt
  Resource: win7v20201028
Behavioral task: behavioral4
  Sample: scan copy of transfer 04032021.ppt
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
  http://103.133.105.179/808/inc/39b29f468532e0.php
Targets
Target: Slip Comfirmation 04032021.pps
  Size: 99KB
  MD5: 0c97e932dd91c0f57d2cd4653a381317
  SHA1: b8409f69937b115bed141903ac73ab51f7129e21
  SHA256: 705e140960cb61520e6079b2d98ae5088014f4831da1e281c10d560281a17dea
  SHA512: db4826ef7779c0acd5e4eb89ed962277b3fd0ec86967e3f6cc0f2ddbd8133eff14d98117108a97445214f6a65eeda843045cb4fb483ce11d858cbff5e3e75045
  Score: 1/10
Target: scan copy of transfer 04032021.ppt
  Size: 99KB
  MD5: 0c97e932dd91c0f57d2cd4653a381317
  SHA1: b8409f69937b115bed141903ac73ab51f7129e21
  SHA256: 705e140960cb61520e6079b2d98ae5088014f4831da1e281c10d560281a17dea
  SHA512: db4826ef7779c0acd5e4eb89ed962277b3fd0ec86967e3f6cc0f2ddbd8133eff14d98117108a97445214f6a65eeda843045cb4fb483ce11d858cbff5e3e75045
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- AgentTesla Payload
- Blocklisted process makes network request
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext