General
Target: OKTAL PHARMACEUTICAL ORDER.doc
Size: 4KB
Sample: 210727-5qdpax8zyn
MD5: 518568b5c3bfcaa67474cd0b448c1dde
SHA1: a72ca8d71e7a4424e6c54567bf74765ea92dbf4a
SHA256: 0826832dd2b6d96d111d92f8917d86f7acd41abcfed19d9cea448b04b6b0dbeb
SHA512: 972bd97c8b9c844dab8a41c5024d15850ef5cfe8efcc24300b2edea7109d889b2253d8d305a4403c4e41cb9eb1623354883f3e37b1b68075d2c61d28a2f4508d
Static task: static1
Behavioral task: behavioral1 (Sample: OKTAL PHARMACEUTICAL ORDER.doc, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: OKTAL PHARMACEUTICAL ORDER.doc, Resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: snookiep@123
Targets
Target: OKTAL PHARMACEUTICAL ORDER.doc
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
AgentTesla Payload
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext