General
-
Target
IMG_057_163_22.doc
-
Size
183KB
-
Sample
210511-y4361ngz12
-
MD5
49ad6fb2dca5d329f6c458ebb172f35f
-
SHA1
814e7ee66ade2d0b7eeca2f4c655709939b31ac9
-
SHA256
69ac0d42dce05bcd01273fc11a1a73fa7d6ab446ef129677940a328aa8f1e4d2
-
SHA512
310e428d16cbb69d2e48c18193716481e5db09c985438bbe1049140a3ff4c5c77aa5ffd83f9343784ee9bb5be7b572e565f04c0c1109b59cae6923976a2a35dd
Static task
static1
Behavioral task
behavioral1
Sample
IMG_057_163_22.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
IMG_057_163_22.doc
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sixjan.club - Port:
587 - Username:
andle@sixjan.club - Password:
j&2^(}d4gD}u
Targets
-
-
Target
IMG_057_163_22.doc
-
Size
183KB
-
MD5
49ad6fb2dca5d329f6c458ebb172f35f
-
SHA1
814e7ee66ade2d0b7eeca2f4c655709939b31ac9
-
SHA256
69ac0d42dce05bcd01273fc11a1a73fa7d6ab446ef129677940a328aa8f1e4d2
-
SHA512
310e428d16cbb69d2e48c18193716481e5db09c985438bbe1049140a3ff4c5c77aa5ffd83f9343784ee9bb5be7b572e565f04c0c1109b59cae6923976a2a35dd
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-