General
- Target: 126503018.eml.zip
- Size: 3KB
- Sample: 210421-rxs2ek9d4s
- MD5: 112815430ea71ae812e30d1c596c9ad9
- SHA1: 28341737f4e6a8e3b2eac4bdf713dee94640a2ef
- SHA256: 28425375bde8a9d13ac9b57ccc32f046b2c7bebdf592b5af2d85146d565e9a9e
- SHA512: e35df2e4850bceea76a15d6981d97ffd893589394b6cecd5512f614db290de118c85626b1a6ad01a48e2970eec9efe7472bde2601e6ada1eb3b57c105563916d
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order.doc
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: Purchase Order.doc
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: prodip@precisionenergy.me
- Password: @Mexico1.,
This is the SMTP exfiltration configuration: the sample authenticates to this mailbox to send out what it harvests, so the host and the account name are the usable network indicators, while port 587 alone is the normal mail submission port and is not discriminating by itself.
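The extracted config above is what a responder actually needs from this report: the mailbox Agent Tesla posts its harvested data to. As an added example (not part of the sandbox report and not the sandbox's own code), the Python below parses the flattened config text exactly as the page prints it, derives the strings that would appear in DNS and SMTP gateway logs, and runs them over a few constructed log lines. The log line format, the IP addresses, the hostname DESKTOP-1A2B3C and the second host's mailbox alice@example.com are invented for the illustration; only the config values come from the report.

```python
"""Turn the AgentTesla SMTP config from the report into log indicators and scan
constructed gateway log lines with them. Added example; the log lines are made up,
the config text is copied from the report page."""
import base64
import re
from dataclasses import dataclass

# Config text as the report page lays it out (run-together "Key: value -" pairs).
RAW_CONFIG = """Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
prodip@precisionenergy.me - Password:
@Mexico1.,"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_KEY_ALT = "|".join(KEYS)
# A value runs until the next "Key:" (optionally preceded by a " - " separator) or end of text.
_FIELD_RE = re.compile(rf"({_KEY_ALT}):\s*(.*?)(?=\s*-?\s*(?:{_KEY_ALT}):|\Z)", re.DOTALL)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_triage_smtp_config(text: str) -> SmtpExfilConfig:
    """Parse the report's flattened 'Malware Config' block into a structured record."""
    fields = {key: value.strip() for key, value in _FIELD_RE.findall(text)}
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError(f"config block is missing fields: {missing}")
    return SmtpExfilConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
    )


def b64_token(data: bytes) -> str:
    """Base64 as an SMTP client puts it on the wire for AUTH LOGIN / AUTH PLAIN."""
    return base64.b64encode(data).decode("ascii")


def exfil_indicators(cfg: SmtpExfilConfig) -> dict:
    """Strings that identify this sample's exfil session in DNS or SMTP logs.

    The port is deliberately left out: 587 is the standard submission port and
    matches every legitimate mail client on its own. The base64 username is
    matched as a bare token because clients may send it inline with AUTH LOGIN
    or on the next line after the server's 334 prompt.
    """
    return {
        "host": cfg.host,
        "username": cfg.username,
        "b64_username": b64_token(cfg.username.encode()),
        "auth_plain_token": b64_token(b"\0" + cfg.username.encode() + b"\0" + cfg.password.encode()),
    }


def find_exfil_events(cfg: SmtpExfilConfig, log_lines):
    """Return (line, [matched indicator names]) for every log line that hits."""
    indicators = exfil_indicators(cfg)
    hits = []
    for line in log_lines:
        reasons = [name for name, needle in indicators.items() if needle in line]
        if reasons:
            hits.append((line, reasons))
    return hits


CONFIG = parse_triage_smtp_config(RAW_CONFIG)

# Constructed sample logs (not from the report): one infected host talking to the
# configured mailbox, one unrelated host using its own mail server.
SAMPLE_LOGS = [
    "2021-04-21T10:15:01Z dns 10.0.0.15 query=mail.privateemail.com type=A",
    "2021-04-21T10:15:02Z smtp 10.0.0.15:49812 -> 198.51.100.7:587 EHLO DESKTOP-1A2B3C",
    "2021-04-21T10:15:02Z smtp 10.0.0.15:49812 -> 198.51.100.7:587 AUTH LOGIN "
    + b64_token(b"prodip@precisionenergy.me"),
    "2021-04-21T10:15:03Z smtp 10.0.0.15:49812 -> 198.51.100.7:587 MAIL FROM:<prodip@precisionenergy.me>",
    "2021-04-21T10:16:40Z smtp 10.0.0.22:51003 -> 203.0.113.9:587 AUTH LOGIN " + b64_token(b"alice@example.com"),
    "2021-04-21T10:17:00Z dns 10.0.0.22 query=smtp.example.com type=A",
]

if __name__ == "__main__":
    for line, reasons in find_exfil_events(CONFIG, SAMPLE_LOGS):
        print(", ".join(reasons), "<-", line)
```

Run against the constructed lines, the DNS lookup of the host, the base64-encoded AUTH LOGIN username and the plaintext MAIL FROM address are flagged; the EHLO line and the unrelated host's session are not. The parser tolerates the page's run-together layout, so the same function works on a cleanly formatted "Key: value" block as well.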
Targets
- Target: Purchase Order.doc
- Size: 4KB
- MD5: 9ef6eb1c4c2bc4c409fc59e4bbf36854
- SHA1: e4e956b1f7e500073bab3ccef88e6c4bf784c663
- SHA256: 9aec6bdb253c4e34d6f4629baadc8a01d4674ac5bd084b791820160ed27d2b2b
- SHA512: 45764eb0feb82a7da251461fcf02e56e7b6468a4f45c89f8b3a9826cc81444d50126ad0595d7c19e3e551530763ee8fe94a37423316dd102e990a71fb829d1ca
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample exfiltrates over SMTP using the credentials in the extracted config.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (typical of process hollowing, where a payload is written into a suspended process and its thread context redirected to it)