General

Target: specification.xlsx
Size: 379KB
Sample: 210419-mw42akg2ba
MD5: 94c2bb7133cc4bebeb9fbe43fc739d87
SHA1: daa3c4e5fc17f81fc4e1f6a54fa822bb59b2e36d
SHA256: 3ec6f6e82d0a4ae08c365a701ab02d793e59db3a54f012c0639b693d7d5cf573
SHA512: fc24e772f07aaefed535837f0dd59a9e689766fa5325929e03e88371ac2b981b98ceeaf8b4eb239f1509691f8605e4e46e99fbd2fd43ad04284da4d41b731e41

Static task: static1

Behavioral task: behavioral1
Sample: specification.xlsx
Resource: win7v20210408

Behavioral task: behavioral2
Sample: specification.xlsx
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.scrablex.com
Port: 587
Username: [email protected]
Password: Chisom123.
Targets

Target: specification.xlsx
Size: 379KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET. The extracted config shows this sample exfiltrates over SMTP (smtp.scrablex.com:587) using the credentials above.
AgentTesla Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution (vbc.exe launched outside any build context)
Adds Run key to start application
Suspicious use of SetThreadContext (a common process-injection / hollowing indicator)
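Added example, not part of the sandbox report or of any vendor tooling: a small Python triage helper that expresses the behaviours flagged above (an Office process spawning a dropped executable, vbc.exe launched outside a build context, a dropped DLL load, a Run-key write, and a blocklisted process connecting to the extracted SMTP host and port) as checks over constructed Sysmon-style event records. The event layout, the process lists, the rule names and the sample events are all assumptions for illustration. "Suspicious use of SetThreadContext" is deliberately not modelled, because it needs API-level telemetry that process, network and registry events do not carry.

```python
import re

# Host/port from the report's extracted config (the username is obfuscated on
# the page and is not needed for a network match).
AGENTTESLA_SMTP = ("smtp.scrablex.com", 587)

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Parents for which a vbc.exe launch is expected (assumption for illustration).
BUILD_TOOLS = {"msbuild.exe", "devenv.exe", "csc.exe"}
# Living-off-the-land binaries that should not reach the network; modelled on
# the report's "Blocklisted process makes network request" (assumption).
NETWORK_BLOCKLIST = {"vbc.exe", "regsvcs.exe", "regasm.exe", "msbuild.exe", "installutil.exe"}
# "Dropped" here means executed or loaded from a user-writable profile path.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule."""
    hits = []
    for e in events:
        pid = e["pid"]
        if e["type"] == "process_create":
            parent, image = basename(e["parent_image"]), basename(e["image"])
            if parent in OFFICE_APPS and image not in OFFICE_APPS:
                hits.append(("office_spawns_child", pid, e["image"]))
            if image == "vbc.exe" and parent not in BUILD_TOOLS:
                hits.append(("vbs_compiler_execution", pid, e["parent_image"]))
            if USER_WRITABLE.match(e["image"]):
                hits.append(("executes_dropped_exe", pid, e["image"]))
        elif e["type"] == "image_load":
            loaded = e["image_loaded"]
            if USER_WRITABLE.match(loaded) and loaded.lower().endswith(".dll"):
                hits.append(("loads_dropped_dll", pid, loaded))
        elif e["type"] == "registry_set":
            if RUN_KEY.search(e["target_object"]):
                hits.append(("run_key_persistence", pid, e["target_object"]))
        elif e["type"] == "network_connect":
            image = basename(e["image"])
            if image in NETWORK_BLOCKLIST:
                hits.append(("blocklisted_network", pid, f"{image} -> {e['dest_host']}:{e['dest_port']}"))
            if (e["dest_host"].lower(), e["dest_port"]) == AGENTTESLA_SMTP:
                hits.append(("agenttesla_smtp_exfil", pid, e["dest_host"]))
    return hits


def rules_fired(events):
    """Sorted, de-duplicated rule names that fired over the event stream."""
    return sorted({rule for rule, _, _ in triage(events)})


# Constructed sample telemetry: an Excel-launched chain ending in SMTP exfil,
# followed by two benign events that must not trigger anything.
EVENTS = [
    {"type": "process_create", "pid": 4100,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Users\victim\AppData\Local\Temp\specification.exe"},
    {"type": "image_load", "pid": 4100,
     "image_loaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 4320,
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\specification.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"type": "registry_set", "pid": 4320,
     "target_object": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\specification"},
    {"type": "network_connect", "pid": 4320,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dest_host": "smtp.scrablex.com", "dest_port": 587},
    {"type": "process_create", "pid": 9000,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "network_connect", "pid": 9001,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "example.com", "dest_port": 443},
]

if __name__ == "__main__":
    for rule, pid, detail in triage(EVENTS):
        print(f"[{rule}] pid={pid} {detail}")
```

The host/port match is the narrowest check and only catches this configuration; the process-lineage and blocklist checks are what generalise to other Agent Tesla builds. In practice the extracted mailbox credentials should be treated as the actor's, not the victim's: block or alert on outbound 587 to smtp.scrablex.com and on any vbc.exe egress rather than attempting to use them.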