General
Target: Order428621.doc
Size: 3KB
Sample: 210726-hz7qvj2k62
MD5: 484be17f86d5f3fe19117cde512b7835
SHA1: b98db5bf4e847095c044a23d66434710bb9d7b58
SHA256: 2e2295c29610c858b6ef4d775420fc9af1b1e8ef82da746fdc9ba23a14ecd494
SHA512: 549dfba2fb60dd53dbf2e8e130d690c8d7b5c8b3090da6514c51b9559ef2fe08d5dde1f14255969b6d603311be76a19d700beb2f17891f95a10c1019cc863f65
Static task: static1
Behavioral task: behavioral1
  Sample: Order428621.doc
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Order428621.doc
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: accounts@trialseqco-uk.icu
Password: NewMexcico@123
Targets
Target: Order428621.doc
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext