General
- Target: presupuesto.xlsx
- Size: 1.6MB
- Sample: 210511-jwkfzb8pl6
- MD5: 0c44a9fa4ce2184c319d7d2b1dc6e319
- SHA1: fb24049452c8a31eab37ef00099b0604bd40cd95
- SHA256: 8c7d8fc2a97430056c231bcc2e3601fd27718e08c105171175789a6d86921cea
- SHA512: a823ed02ed0129d55711b401ad175f877d4828e3c1040cad5cb83f04742d32ecf7b988ab8ba208af8f3a9226381377f953b1ca1bfdd22c96bda364c1ba13ca92
Static task: static1
Behavioral task: behavioral1 (sample: presupuesto.xlsx, resource: win7v20210410)
Behavioral task: behavioral2 (sample: presupuesto.xlsx, resource: win10v20210408)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.kaeiser.com
- Port: 587
- Username: sergio.arroyo@kaeiser.com
- Password: QIErWCn3
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext