General
Target: RFQ INQ HCH2323ED.doc
Size: 441KB
Sample: 210504-mz3k3tyc9s
MD5: 5f5c3e19ea34bd2aeb57b431fd01206b
SHA1: 463b2c35a0e948bbb3edbc1b432128396222c30c
SHA256: b79ac89bc99c4d0d1c6bb50e874b665b054630ede73ab55978e99d1023b8723d
SHA512: 97bd484d4e64d33e2a9de83263590188f619ad4acad321ee403166fb961fab0ebfa2ea27f9f6b85d9f2c2312131db06245452f6d2dac42d77b7659c3edca5c98
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ INQ HCH2323ED.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: RFQ INQ HCH2323ED.doc
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.myremediez.com
Port: 587
Username: sales@myremediez.com
Password: 123123456
The SMTP account is the attacker-controlled exfiltration mailbox embedded in the payload, not a victim credential: stolen data is sent to it over SMTP submission (port 587). The host, port and username are the network indicators to block and hunt for.
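The following is an added example, not part of the sandbox report: it parses the flattened config line exactly as the report prints it (including the "smtp- Host:" spacing) into structured fields, runs the resulting indicators over a few constructed SMTP connection log lines, and checks an arbitrary file's digests against the sample hashes above. The log format (timestamp, source IP, process, destination host, port, MAIL FROM) and the process names in the sample lines are assumptions chosen for illustration.

```python
"""Added example (not from the report): AgentTesla config -> IOCs -> log matching."""
import hashlib
import re

# Config string as the report presents it, including the "smtp- Host:" spacing.
RAW_CONFIG = ("Protocol: smtp- Host: webmail.myremediez.com - Port: 587 - "
              "Username: sales@myremediez.com - Password: 123123456")

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "5f5c3e19ea34bd2aeb57b431fd01206b",
    "sha1": "463b2c35a0e948bbb3edbc1b432128396222c30c",
    "sha256": "b79ac89bc99c4d0d1c6bb50e874b665b054630ede73ab55978e99d1023b8723d",
}

# "Key: value" pairs separated by " - "; the separator may be glued to a value.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)")


def parse_config(raw: str) -> dict:
    """Parse the flattened config into lowercase-keyed fields; Port becomes an int."""
    cfg = {k.lower(): v for k, v in FIELD_RE.findall(raw)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


# Constructed log lines (assumed format, not from the report):
# ts,src_ip,process,dst_host,dst_port,mail_from
SAMPLE_LOG = [
    "2021-05-04T10:12:03Z,10.0.0.5,WINWORD.EXE,webmail.myremediez.com,587,sales@myremediez.com",
    "2021-05-04T10:12:09Z,10.0.0.5,dropped.exe,webmail.myremediez.com,587,sales@myremediez.com",
    "2021-05-04T10:13:40Z,10.0.0.7,OUTLOOK.EXE,mail.example.com,587,alice@example.com",
    "2021-05-04T10:15:01Z,10.0.0.9,chrome.exe,webmail.myremediez.com,443,",
]


def exfil_hits(lines, cfg: dict) -> list:
    """Return (ts, src_ip, process, reason) for every line touching the C2 mailbox.

    Any contact with the configured host is reported; matching port and
    MAIL FROM are appended to the reason so an analyst can rank the hits.
    """
    hits = []
    for line in lines:
        ts, src, proc, host, port, mail_from = line.split(",")
        reasons = []
        if host.lower() == cfg["host"].lower():
            reasons.append("host")
            if int(port) == cfg["port"]:
                reasons.append("port")
        if mail_from.lower() == cfg["username"].lower():
            reasons.append("username")
        if reasons:
            hits.append((ts, src, proc, "+".join(reasons)))
    return hits


def file_digests(data: bytes) -> dict:
    """Compute the digests the report lists so a suspect file can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True when every listed digest matches the report's sample."""
    digests = file_digests(data)
    return all(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("exfil mailbox:", cfg["username"], "via", cfg["host"], cfg["port"])
    for hit in exfil_hits(SAMPLE_LOG, cfg):
        print("EXFIL?", *hit)
    print("empty file is the sample:", is_known_sample(b""))
```

Matching on the host alone is deliberate: a browser reaching the mailbox host on 443 (last constructed line) is still worth a look, while a hit that also carries the configured port and MAIL FROM is near-certain exfiltration from this payload.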
Targets
Target: RFQ INQ HCH2323ED.doc
Size: 441KB
MD5: 5f5c3e19ea34bd2aeb57b431fd01206b
SHA1: 463b2c35a0e948bbb3edbc1b432128396222c30c
SHA256: b79ac89bc99c4d0d1c6bb50e874b665b054630ede73ab55978e99d1023b8723d
SHA512: 97bd484d4e64d33e2a9de83263590188f619ad4acad321ee403166fb961fab0ebfa2ea27f9f6b85d9f2c2312131db06245452f6d2dac42d77b7659c3edca5c98
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them, in this sample over SMTP to the mailbox in the extracted config.
Signatures:
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence)
- Suspicious use of SetThreadContext (typical of process hollowing / injection)