General
- Target: 130578500.doc
- Size: 394KB
- Sample: 210421-e38d6dwc56
- MD5: b7f5cd0f71b6d7d065a71b15da48e3c4
- SHA1: 86d4ca02380ee9e7f92eeb88c620f033ece6ad7a
- SHA256: d8f43b35cd944e3a4852ae3241afccae491317a11853385b86e6859fc07abc29
- SHA512: b3d95c9fb14c941c68f6ee5f4e97326b82b182605926552342459216854d3f33859824d9488e6ce255ef5291054da49783a3f828ff59cce67e80c683b658a087
Static task
- static1
Behavioral task
- behavioral1: Sample 130578500.doc, Resource win7v20210410
Behavioral task
- behavioral2: Sample 130578500.doc, Resource win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: janryone.xyz
- Port: 587
- Username: ammond@janryone.xyz
- Password: xv*ZM6fqfw&7
Targets
- Target: 130578500.doc (size and hashes as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext