General
Target: payment receipt.doc
Size: 566KB
Sample: 210419-dfd7zpe23n
MD5: 62a7b3f94fccff2290554183030a7295
SHA1: 2ecc1fcffe96a21bfdc33a30a1f79195f96b3cf8
SHA256: 77ff0fe733a29458872bac397a3f6bf6a6abf878edcd7cdd21b4b7fc396ec56e
SHA512: ef6608e72b01c272665245367d22258980f173e3bd70b9a8a7a1f21a59a88aaa0380845d3615f2bb41cd0667c457d201c17d88f00f5c265b1cade0059c3f1427
Static task: static1
Behavioral task: behavioral1 (Sample: payment receipt.doc, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: payment receipt.doc, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.orienttech.com.qa
- Port: 587
- Username: [email protected]
- Password: Op{^fLb9gN[!
Targets
Target: payment receipt.doc (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext