General
Target: AL JUNEIDI LIST.xlsx
Size: 2.4MB
Sample: 210408-67njjmapwe
MD5: 60540d14ce3fad98f702136cd2a4c28b
SHA1: 86da698cf83d97aae2c778d772998b61192a72e4
SHA256: 23747e944ff608bffb823f5282f7214e932dd24897aef0c7618c7b7741d61304
SHA512: a1007f161432ca1d4c3b39fb920c6699e2ecc076d843bc35a01bd9345964b0fd853c046638a6aef461d6f6796642285a3f0628cc309e39f0ee0ee925b2529536
Static task: static1
Behavioral task: behavioral1
Sample: AL JUNEIDI LIST.xlsx
Resource: win7v20201028
Behavioral task: behavioral2
Sample: AL JUNEIDI LIST.xlsx
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: armyscheme3@yandex.com
Password: browse9ja
Targets
Target: AL JUNEIDI LIST.xlsx
Size: 2.4MB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext