General
-
Target
Pending DHL Shipment Notification REF 04521.xlsx
-
Size
964KB
-
Sample
210504-k24tj3vsx6
-
MD5
04bc6764f8cdffb64457c5d2a4fb724e
-
SHA1
0f07900befe2912a1539b02bf0897c858da65238
-
SHA256
cce20e15d25dff33fc03049e3fdfdf643eb50726e55e8c17994f64aa45bcd29e
-
SHA512
5d6616eb2a6f0fb627f9b1b7b8fdcf6a99c4c3396a68033690cad57129e954b63f2445c40da087d8d7340e1c6310fe43b7bca4ed02043661c3b7de74921e0ed8
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendDocument
Targets
-
-
Target
Pending DHL Shipment Notification REF 04521.xlsx
-
Size
964KB
-
MD5
04bc6764f8cdffb64457c5d2a4fb724e
-
SHA1
0f07900befe2912a1539b02bf0897c858da65238
-
SHA256
cce20e15d25dff33fc03049e3fdfdf643eb50726e55e8c17994f64aa45bcd29e
-
SHA512
5d6616eb2a6f0fb627f9b1b7b8fdcf6a99c4c3396a68033690cad57129e954b63f2445c40da087d8d7340e1c6310fe43b7bca4ed02043661c3b7de74921e0ed8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-