General
- Target: QuotationQO210421A87356_samples_products_sinoma_internationals.doc
- Size: 2.3MB
- Sample: 210422-waapgmhxfe
- MD5: 185b488dfaba7dfe7d3198c997f7a00f
- SHA1: e91de54b194a2fad9b7f0978470072d8058c2021
- SHA256: e3b03d6c376e317401a5ddc5d99caf74017ac9597c50bca80b1f98e8b6654aaa
- SHA512: efc0e6fa9cc8261e371a2208938612af40e2406477cee776d577f7cad2be6d58572c00754c372dd70d663137a09691eb61c74763943a249fe5ae263db886beb9
Static task: static1
Behavioral task: behavioral1
- Sample: QuotationQO210421A87356_samples_products_sinoma_internationals.doc.rtf
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: QuotationQO210421A87356_samples_products_sinoma_internationals.doc.rtf
- Resource: win10v20210408
Note that the submitted file carries a .doc extension but is RTF content, which is why the sandbox ran it under the added .rtf suffix.
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: smtp.privateemail.com
- Port: 587
- Username: eammorris@askoblue.com
- Password: zQHG#uz5
These are the stealer's exfiltration settings: collected data is sent via the SMTP submission port (587) using this attacker-controlled mailbox, so the host, account and port are the network indicators to hunt for.
Targets
- Target: QuotationQO210421A87356_samples_products_sinoma_internationals.doc (size and hashes as listed under General)
- Score: 10/10
- Family: AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests keystrokes, clipboard contents and saved credentials and exfiltrates them over SMTP, FTP or HTTP.
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (typical of process hollowing / RunPE injection, where a suspended process's thread is pointed at injected code)
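The following is an added example, not the sandbox's own code, showing how a responder would use the indicators from this report: it verifies a file against all four listed hashes, parses the flattened AgentTesla configuration text into structured fields, and runs a small check over network-connection records to flag both an Office process making a network request (the "Blocklisted process makes network request" signature) and any connection to the extracted SMTP exfiltration host and port. The hashes, host, port and account are taken from the report above; the log records, the process blocklist and all function names (`hash_bytes`, `matches_report`, `parse_agenttesla_config`, `flag_events`) are constructed for this example.

```python
"""Working with the IOCs in this AgentTesla report.

Added example, not the sandbox's own code. Hashes, the exfiltration host,
port and account come from the report; the log records, the process
blocklist and the function names are constructed for illustration.
"""
import hashlib
import re

# Digests of the analysed document, copied from the report.
REPORT_HASHES = {
    "md5": "185b488dfaba7dfe7d3198c997f7a00f",
    "sha1": "e91de54b194a2fad9b7f0978470072d8058c2021",
    "sha256": "e3b03d6c376e317401a5ddc5d99caf74017ac9597c50bca80b1f98e8b6654aaa",
    "sha512": "efc0e6fa9cc8261e371a2208938612af40e2406477cee776d577f7cad2be6d58"
              "572c00754c372dd70d663137a09691eb61c74763943a249fe5ae263db886beb9",
}

# Extracted config exactly as it appears in the flattened report; the line
# breaks and " - " separators are extraction artefacts the parser tolerates.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.privateemail.com - Port:
587 - Username:
eammorris@askoblue.com - Password:
zQHG#uz5"""


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(hashes: dict) -> bool:
    """True only if every digest equals the one listed in the report.

    Check all four before analysing a file you believe is this sample; a
    single matching MD5 is weak evidence that it is the same artefact.
    """
    return all(hashes.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


def parse_agenttesla_config(raw: str) -> dict:
    """Turn the flattened 'Key: value' text into a dict with a numeric port.

    Whitespace (including newlines) is collapsed first; each value then runs
    until the next 'Key:' token, which may be preceded by a dash separator.
    """
    flat = " ".join(raw.split())
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-?\s*\w+:|$)", flat)
    cfg = {key.lower(): value.strip() for key, value in pairs}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


# Processes that should never open outbound connections on a workstation;
# an assumed list standing in for the sandbox's own blocklist.
BLOCKLISTED_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed Sysmon-style network-connection records (not from the report).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "dst_host": "cdn.example.net", "dst_port": 80},
    {"image": r"C:\Users\user\AppData\Roaming\notepad.exe",
     "dst_host": "smtp.privateemail.com", "dst_port": 587},
    {"image": r"C:\Windows\explorer.exe",
     "dst_host": "update.example.com", "dst_port": 443},
]


def flag_events(events: list, cfg: dict) -> list:
    """Return (process, reasons) for every record matching a report indicator."""
    hits = []
    for ev in events:
        proc = ev["image"].rsplit("\\", 1)[-1].lower()
        reasons = []
        if proc in BLOCKLISTED_PROCESSES:
            reasons.append("blocklisted process makes network request")
        if ev["dst_host"].lower() == cfg["host"] and ev["dst_port"] == cfg["port"]:
            reasons.append("connection to AgentTesla SMTP exfiltration host")
        if reasons:
            hits.append((proc, reasons))
    return hits


if __name__ == "__main__":
    config = parse_agenttesla_config(RAW_CONFIG)
    print(config)
    for proc, reasons in flag_events(SAMPLE_EVENTS, config):
        print(proc, "->", "; ".join(reasons))
```

The port comparison is deliberately exact: AgentTesla's SMTP variant uses whatever host and port are in its config, so matching on the host name alone would miss a rebuilt sample pointed at a different submission port, while matching only on port 587 would flood the results with legitimate mail clients.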