General
- Target: NEW QUOTATION.xlsx
- Size: 673KB
- Sample: 210727-438bjrk566
- MD5: 13750992082e97bfba7467e749a58d56
- SHA1: 5c7b5a9a6435cf981d98d924291cdb3d3fabf13f
- SHA256: f14f0801347bd2a71632960bb9911f40cb349a4d8eecb615aee3a0a9ac397cf9
- SHA512: 302767bfc77b16a41f3e981e8b6c80381ed9f889f96f4738a114f1c46e3702f3faa43f2065307c5b5c5cde8d719aa0eaf3953ef68bb0937897df7768e8933a82
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: NEW QUOTATION.xlsx, Resource: win7v20210410)
- Behavioral task: behavioral2 (Sample: NEW QUOTATION.xlsx, Resource: win10v20210408)
Malware Config
- Extracted: agenttesla
- Protocol: smtp
- Host: mail.sajbh.com
- Port: 587
- Username: accounts@sajbh.com
- Password: Saj@2014
Targets
- Target: NEW QUOTATION.xlsx
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext