General
- Target: items.doc
- Size: 383KB
- Sample: 210504-sfa8zwep4x
- MD5: 9761ac3d2ce33b764ed037486bb84998
- SHA1: b0daa6953e3c6c88f1fd436b90675bc0b69259ab
- SHA256: 3b09b12a8088522bd05d01721976858896151a31638f1b70d3bd6159e6fb6cf1
- SHA512: 75e349e681d695773751a6e60f08bbd279772e01b292731e26912de0002db56844a1ba72cfe76f4f70d090895d0db0f310f0a4436cf726d95707c0ca67a055fe
Static task
- static1
Behavioral tasks
- behavioral1: Sample items.doc, Resource win7v20210408
- behavioral2: Sample items.doc, Resource win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: asus-tv.tk
- Port: 587
- Username: arinzelog@asus-tv.tk
- Password: 7213575aceACE@#$
Targets
- Target: items.doc (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext