General
Target: PAYMENT_ADVICE.doc
Size: 4KB
Sample: 210722-w2je8ya2m6
MD5: 71af183490ef5c747eb3b6a1417c8f33
SHA1: cbf5c744909fb1978d8bbadb3b1377e7b364f90d
SHA256: fd1d1d4f70fb3b258e798ba9ac66abd6ad9d9de16b4b2204f55519ea59eb7d12
SHA512: 73e271f3eb303443808c22f9e41d9d3d72d0d0451c7e94343beceb04a3aa486fa236fef6d72cff8d4e04fa2ae0478943edeff695d9eb95855171daa57c133c77
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT_ADVICE.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PAYMENT_ADVICE.doc
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: GODGRACE12345
Targets
Target: PAYMENT_ADVICE.doc
Size: 4KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext