General

Target: PL_056_06_713.doc
Size: 387KB
Sample: 210511-n3pj34ht6a
MD5: 7ea976fa35d432a5f1fbd95fedb6b491
SHA1: 372fbcd853b6e3143abce13481b38a398a18d1c2
SHA256: 5559a0af254ec91974ee7dbc6e48ded1b27e0b0bba31e8a5a7c3d935cbb3a134
SHA512: 99665619c7b952edf1a443c237faf6ec33652710b6717128e5e80babc7c919faaf2305d8bdc3267311fa369329f03dd66cfb7561ea4875162e6c7ca2911d4910
Static task: static1

Behavioral task: behavioral1
  Sample: PL_056_06_713.doc
  Resource: win7v20210410

Behavioral task: behavioral2
  Sample: PL_056_06_713.doc
  Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: sixjan.xyz
Port: 587
Username: zenom@sixjan.xyz
Password: 7&JWw;63ncJ^
Targets

Target: PL_056_06_713.doc
Size: 387KB
MD5: 7ea976fa35d432a5f1fbd95fedb6b491
SHA1: 372fbcd853b6e3143abce13481b38a398a18d1c2
SHA256: 5559a0af254ec91974ee7dbc6e48ded1b27e0b0bba31e8a5a7c3d935cbb3a134
SHA512: 99665619c7b952edf1a443c237faf6ec33652710b6717128e5e80babc7c919faaf2305d8bdc3267311fa369329f03dd66cfb7561ea4875162e6c7ca2911d4910
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext