General
Target: RFQ No3756368.doc
Size: 75KB
Sample: 210727-5wgd92741j
MD5: b156ed4230557289721a0256a6aa23ea
SHA1: 59d8da9d1c4ec783f59d9c6ba330e4392151cb9a
SHA256: 8e97e85fd5881e5f4f31f95f5bc13de014ab3a3f278fec651f5208a73f22259e
SHA512: 8c1e68f8f497becf235c453c23eab1638ca4ceb283e92ab221ec366ed24b10152e4e2301fbf3739f095dc32c4b3f6fcec3432d587440fe54d4e2d6e7c6ef2d91
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ No3756368.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: RFQ No3756368.doc
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.camerapro.co.za
Port: 587
Username: orders@camerapro.co.za
Password: JJJ65259sss
Targets
Target: RFQ No3756368.doc
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext