General
-
Target
ORDER . 4500028602 .doc
-
Size
4KB
-
Sample
210722-ssk99stcyn
-
MD5
481c22b5e46aee29787378d65d00fc92
-
SHA1
c661b85631510dbb9010d5c6d0e4ad71bf0d2bae
-
SHA256
39fcf7c07a057d9770dd0e5315e47fc23767f00ce3d31cb2e6d91d235415d9d2
-
SHA512
fcf4aaeca8bb7308339f6ff29cdc5a52556d9765d2ddcc18816cfff7bcad0fa033301d8cdc4791aa67053e128fb5fca7f9b7faa53b628d5e3eddbb2d7a41c701
Static task
static1
Behavioral task
behavioral1
Sample
ORDER . 4500028602 .doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
ORDER . 4500028602 .doc
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: accounts@trialseqco-uk.icu
Password: NewMexcico@123
Targets
-
-
Target
ORDER . 4500028602 .doc
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-