Payment Advice.xlsx

General

Target: Payment Advice.xlsx
Size: 3MB
Sample: 210421-e3h6pjc5a2
Score: 10/10
MD5: 5e1e64b617b1c40cf151b5d06e1beec5
SHA1: 24d6ac44e463d05cb2f224123f0bfae3e7780181
SHA256: 227f928eab84ca0736d1059cec135eb48996136d98c251ace0cd29d8c139471b
SHA512: aaad618656ab34b001772341a0f45036323a5422193e6262028013feaa7c1d0714d46c77fdf27667f76e742a9d6e18a30b20a67eeeb3095cfc0d7aabbb8b0eb2

Malware Config

Extracted

Family: agenttesla
C2: https://api.telegram.org/bot1712271713:AAGJzuYypM3OwZho3Ow-PgwvbQRhZlQBGFk/sendDocument

The C2 is a Telegram Bot API endpoint. The path segment after /bot is the bot token (bot id 1712271713 followed by its secret), and sendDocument is the Bot API method the stealer calls to upload collected data as a file. Since api.telegram.org also carries legitimate bot traffic, the token rather than the hostname is the indicator to hunt and block on; matching on the host alone will fire wherever Telegram bots are used legitimately.
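To make the extracted C2 actionable, here is an added example (not part of the sandbox report) in Python. It parses the Telegram Bot API URL above into bot id, token and method, defangs it for reporting, and runs a simple detection over a constructed proxy log: any endpoint process uploading through a /bot<token>/send* path is flagged, with higher severity when its parent is an Office application, which is the maldoc-to-stealer chain this report describes. The log format, the process allowlist, the Office parent list and the severity rule are assumptions made for the example.

```python
"""Hunt for AgentTesla-style Telegram Bot API exfiltration.

Added example. The proxy-log layout, the allowlist and the severity rule
below are assumptions, not taken from the sandbox report or any product.
"""
import re
from urllib.parse import urlsplit

# Extracted C2 URL from the report (real indicator from this page).
C2_URL = ("https://api.telegram.org/bot1712271713:"
          "AAGJzuYypM3OwZho3Ow-PgwvbQRhZlQBGFk/sendDocument")

TELEGRAM_API_HOST = "api.telegram.org"

# Bot API paths look like /bot<bot_id>:<secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Bot API methods an infostealer uses to push data out.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Endpoint processes allowed to speak to the Bot API. Telegram Desktop uses
# MTProto, not api.telegram.org/bot..., so this set is normally tiny.
# Assumed for the example; tune it to your fleet.
ALLOWLISTED_PROCESSES = {"known_bot_runner.exe"}

# Office binaries that should never parent a process talking to a bot (assumed).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}


def defang(url: str) -> str:
    """Render a URL so it cannot be clicked or auto-linked in a report."""
    parts = urlsplit(url)
    host = parts.netloc.replace(".", "[.]")
    scheme = parts.scheme.replace("http", "hxxp")
    return f"{scheme}[://]{host}{parts.path}"


def parse_telegram_c2(url: str):
    """Split a Telegram Bot API URL into hunting-relevant parts.

    Returns None when the URL is not a Bot API call on api.telegram.org.
    """
    parts = urlsplit(url)
    if parts.netloc.lower() != TELEGRAM_API_HOST:
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "is_exfil_method": m["method"] in EXFIL_METHODS,
        "defanged": defang(url),
    }


# Constructed proxy log (not from the report). One request per line:
# <ts> <src_ip> <process> <parent_process> <http_method> <url> <status> <bytes_out>
# The second line replays the report's C2; the fourth uses a dummy token.
SAMPLE_PROXY_LOG = """\
2021-04-21T10:02:13Z 10.0.0.21 EXCEL.EXE explorer.exe GET http://203.0.113.10/update/inv.exe 200 0
2021-04-21T10:02:20Z 10.0.0.21 inv.exe EXCEL.EXE POST https://api.telegram.org/bot1712271713:AAGJzuYypM3OwZho3Ow-PgwvbQRhZlQBGFk/sendDocument 200 48213
2021-04-21T10:03:01Z 10.0.0.33 chrome.exe explorer.exe GET https://web.telegram.org/k/ 200 0
2021-04-21T10:03:40Z 10.0.0.40 known_bot_runner.exe services.exe POST https://api.telegram.org/bot9876543210:ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ/getUpdates 200 120
"""


def detect_telegram_exfil(log_text: str):
    """Flag endpoint processes that upload through the Telegram Bot API."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src_ip, proc, parent, _http_method, url, _status, bytes_out = line.split()
        if proc.lower() in ALLOWLISTED_PROCESSES:
            continue
        c2 = parse_telegram_c2(url)
        if c2 is None or not c2["is_exfil_method"]:
            continue
        alerts.append({
            "ts": ts, "src_ip": src_ip, "process": proc, "parent": parent,
            "bot_id": c2["bot_id"], "method": c2["method"],
            "bytes_out": int(bytes_out),
            # An Office parent plus a bot upload is the maldoc-to-stealer chain.
            "severity": "high" if parent.lower() in OFFICE_PARENTS else "medium",
            "defanged_url": c2["defanged"],
        })
    return alerts


if __name__ == "__main__":
    print(parse_telegram_c2(C2_URL))
    for alert in detect_telegram_exfil(SAMPLE_PROXY_LOG):
        print(alert)
```

The bot id is kept in the alert because it survives token rotation: if the operator regenerates the secret, the numeric id of the bot account stays the same and still ties new traffic back to this campaign.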

Targets

Target: Payment Advice.xlsx (filesize 3MB, score 10/10; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access trojan (RAT) and information stealer written in .NET. Its exfiltration channel is configurable; the configuration extracted from this sample uses the Telegram Bot API (see Malware Config).

  • AgentTesla Payload

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral2

  1/10