General
Target: PO.xlsx
Size: 367KB
Sample: 210504-qsvvl8vzge
MD5: e5f61bba2d308a5b4108c0650ebc44de
SHA1: aada1b08a5a49e70f0c685527ac86f72f27a6310
SHA256: 40896d35b172e5bbd2f26ee6d610a7b2f87769cdde3a3d793f9923009cc9b328
SHA512: 11e1226c5433c97b74ec516262852a5cb7ec3c1629a45a38382978b5b1e5aa7db03bc1a6464df79f975b95e991b0a32f6bc2afefc4a093ec1428471f503587f0
Static task: static1
Behavioral task: behavioral1 (Sample: PO.xlsx, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: PO.xlsx, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: info@sports024.com
Password: DANIEL3116
Targets
Target: PO.xlsx
Score: 10/10
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext