General
Target: EPRD-ES210001A URGENT RFQ.doc
Size: 3KB
Sample: 210727-9t1mq65qa2
MD5: 385d9d7dce288d12688ad65b0c262f0b
SHA1: abb40f1e00da3e6613d81c54d8f995e57b5f27ea
SHA256: 147ff22bdcef3aa73f1f3231fd85310f55b02535f2921db4e39dc84954f4faae
SHA512: ae14956a5bf0b32150f8efc24c144be1bac63eba62096c8a323e055683c325416583e9374ff4375f564a5803a1417f389815f25c0bc0fd5494021a91fd543807
Static task: static1
Behavioral task: behavioral1
  Sample: EPRD-ES210001A URGENT RFQ.doc
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: EPRD-ES210001A URGENT RFQ.doc
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: HELPMEGOD@1321
Targets
Target: EPRD-ES210001A URGENT RFQ.doc
Size: 3KB
MD5: 385d9d7dce288d12688ad65b0c262f0b
SHA1: abb40f1e00da3e6613d81c54d8f995e57b5f27ea
SHA256: 147ff22bdcef3aa73f1f3231fd85310f55b02535f2921db4e39dc84954f4faae
SHA512: ae14956a5bf0b32150f8efc24c144be1bac63eba62096c8a323e055683c325416583e9374ff4375f564a5803a1417f389815f25c0bc0fd5494021a91fd543807
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
- AgentTesla Payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext