General
- Target: PO_001412.doc
- Size: 445KB
- Sample: 210504-6jt4bejrys
- MD5: 7eb650183d4d3a9c79d897d11d54547d
- SHA1: 7a4f83f1fcacc6402032bdc309dd91d3e36c2549
- SHA256: 4a97062cd26aaa6430826f03ab22cd25668218b53b34c374e885e5820ee264f2
- SHA512: c4ecfe0a6a2a48691278d44a198d2826b7fa5246da9ff2c93086b490e6dbdfcd7ffdc7763c96e8cae9fddefb7633884e02f58a8934f156b44543403e96f4e061
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: PO_001412.doc, Resource: win7v20210408)
- Behavioral task: behavioral2 (Sample: PO_001412.doc, Resource: win10v20210410)
Malware Config
- Extracted: agenttesla
- Protocol: smtp
- Host: smtp.phuboatrading-vn.com
- Port: 587
- Username: logs@phuboatrading-vn.com
- Password: of2ZCW1li4ipTfyE
Targets
- Target: PO_001412.doc
- Size: 445KB
- Score: 10/10
- Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext