General
- Target: Quotations73280126721_Oriental_Fastech_Manufacturing.doc
- Size: 1.3MB
- Sample: 210426-8k72cwlaxe
- MD5: 119d28e046cbbb09ae53b69e71022536
- SHA1: 7b093bfbf305d4bb27ab316058040a6e965ba412
- SHA256: 14adc741ca2c62d85977d06fac69567c233bfd2020b71ec5d5e40adba64131f7
- SHA512: 559dbde267998f6df436eb14f1fe91df5424bda87865508b69a0611b3f16716dbef53b2aea3d4e28f327ee2bf06a893a4a7650a96d55aaba7253648ac3331f3a
Static task: static1
Behavioral task: behavioral1
- Sample: Quotations73280126721_Oriental_Fastech_Manufacturing.doc
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Quotations73280126721_Oriental_Fastech_Manufacturing.doc
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.privateemail.com
- Port: 587
- Username: sammorris@askoblue.com
- Password: P)RTDOg8
Targets
- Target: Quotations73280126721_Oriental_Fastech_Manufacturing.doc (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext