General
-
Target
04052021paymentscancopy.doc
-
Size
4KB
-
Sample
210504-j9ecc957nj
-
MD5
05c282367425cd1e07674f9f92a76c7a
-
SHA1
2c2ea2e9ef29dc7dc2018200918d8e5e7d282b6b
-
SHA256
3f324b36806b1580450a1957e73f4a9c74567d3281db2db9a924dcb4c226202a
-
SHA512
96402db55346d59684204c553741f75b417a8dfad88930e72baf219ecb021b5de78e6a59b7efeade8606abb6f2bc1a45911567373c2dbecce953d44398bd8355
Static task
static1
Behavioral task
behavioral1
Sample
04052021paymentscancopy.doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
04052021paymentscancopy.doc
Resource
win10v20210410
Malware Config
Extracted
agenttesla
C2 / exfiltration endpoint (Telegram Bot API, sendDocument; the path segment after "bot" is the bot token and should be handled as an attacker credential, not pasted into tickets or dashboards)
https://api.telegram.org/bot1774464259:AAF9FzZxHVqbPEcJ50c3sNsdvyt_OEQ0GcA/sendDocument
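The extracted config above is the only network indicator on this page, and it is a Telegram Bot API URL rather than a conventional C2 host. The following is an added example (not Tria.ge or Agent Tesla code) showing how a detection engineer would pull such URLs out of extracted configs or egress proxy logs, split the bot id from the secret, classify the method as exfiltration or tasking, and produce a log-safe fingerprint of the token. The proxy log lines and the second bot token are constructed for illustration; only the first URL comes from this report.

```python
"""Find Telegram Bot API URLs in extracted config or proxy logs and classify them.

Added example for this sandbox report; not Tria.ge or Agent Tesla code.
Only EXTRACTED_URL is taken from the report; the other log lines and the
123456789 bot token are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Telegram Bot API shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>
# The "<bot_id>:<secret>" segment is the bot token, i.e. the attacker's credential.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Methods that push data to the operator's chat (stolen data leaving the host)
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto", "sendAudio", "sendVideo"}
# Methods that pull from the bot (operator tasking / infrastructure checks)
CONTROL_METHODS = {"getUpdates", "getMe"}

# Taken from the report's extracted config.
EXTRACTED_URL = (
    "https://api.telegram.org/bot1774464259:AAF9FzZxHVqbPEcJ50c3sNsdvyt_OEQ0GcA/sendDocument"
)

# Constructed proxy log lines (not from the report) to run the triage over.
SAMPLE_LOG_LINES = [
    "2021-05-04T10:12:03Z 10.0.0.15 POST " + EXTRACTED_URL + " 200 18342",
    "2021-05-04T10:12:05Z 10.0.0.15 GET https://www.microsoft.com/ 200 512",
    "2021-05-04T10:13:41Z 10.0.0.22 GET https://api.telegram.org/"
    "bot123456789:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getUpdates 200 77",
]


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    method: str

    @property
    def token_fingerprint(self) -> str:
        """Log-safe identifier: bot id plus the edges of the secret, never the whole token."""
        return f"{self.bot_id}:{self.secret[:4]}...{self.secret[-4:]}"

    @property
    def category(self) -> str:
        if self.method in EXFIL_METHODS:
            return "exfiltration"
        if self.method in CONTROL_METHODS:
            return "tasking"
        return "other"


def parse_telegram_c2(text: str) -> Optional[TelegramC2]:
    """Return the first Telegram Bot API URL found in text, or None."""
    m = TELEGRAM_BOT_RE.search(text)
    if m is None:
        return None
    return TelegramC2(m["bot_id"], m["secret"], m["method"])


def defang(url: str) -> str:
    """Defang a URL for reports: hxxps://api[.]telegram[.]org/..."""
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{slash}{path}"


def triage_log(lines: Iterable[str]) -> List[dict]:
    """Walk log lines and report every Telegram Bot API hit with its classification."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        c2 = parse_telegram_c2(line)
        if c2 is None:
            continue
        findings.append({
            "line": lineno,
            "bot": c2.token_fingerprint,
            "method": c2.method,
            "category": c2.category,
        })
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG_LINES):
        print(f)
    print(defang(EXTRACTED_URL))
```

Because `api.telegram.org` is shared with legitimate bots, the useful alert is not "traffic to Telegram" but "a host that never used Telegram before is POSTing to a sendDocument endpoint"; the fingerprint lets you pivot across hosts and samples on the same bot id without circulating the full token.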
Targets
-
Target
04052021paymentscancopy.doc
-
Size
4KB
-
MD5
05c282367425cd1e07674f9f92a76c7a
-
SHA1
2c2ea2e9ef29dc7dc2018200918d8e5e7d282b6b
-
SHA256
3f324b36806b1580450a1957e73f4a9c74567d3281db2db9a924dcb4c226202a
-
SHA512
96402db55346d59684204c553741f75b417a8dfad88930e72baf219ecb021b5de78e6a59b7efeade8606abb6f2bc1a45911567373c2dbecce953d44398bd8355
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic). The config extracted from this sample exfiltrates collected data through the Telegram Bot API (sendDocument) rather than a dedicated C2 server.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Drops file in System32 directory
-