General
Target: Purchase order.doc
Size: 69KB
Sample: 210316-exd4xy2rr6
MD5: f0bbb85804a6759fe665b2482b6d083e
SHA1: 0eba1c2a8877c96b1cda52a11ab2066124663e19
SHA256: d60076d9ebcd69f0403422ebb01bf2df5faa59ce3fe2596b76ba0868ec666549
SHA512: cc0f3314ba4d01de4af012eac61033d686183b83b2ec6a674ff27248f72dbbe86f8f655460ec37385d6c3f6628f80928dcfaa0cbb135fa541b270b92b5591abf
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase order.doc
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Purchase order.doc
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: ruben000
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Suspicious use of SetThreadContext