General
Target: US 74,100.50 .xlsx
Size: 1.1MB
Sample: 210727-bcstelncha
MD5: b8e12d23fa9780efb407c51dd8a3767f
SHA1: 110487c60cd6507687a5d93b9fa2ce6e5dbd46b7
SHA256: 92f98059db2e215ef3ff991be89504eafea4e08c66753c9a480d03cdb0b9add9
SHA512: 01d11839f2339188490b518fd66baf7840c0b48d91891828107b74aa5e2ec9c5df0c8bb7b2a091e025ebbf62de47e73b7692fab62e1a9b4ee78e992cff4d0053
Static task: static1
Behavioral task: behavioral1 (sample: US 74,100.50 .xlsx; resource: win7v20210408)
Behavioral task: behavioral2 (sample: US 74,100.50 .xlsx; resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cisburo.com
Port: 587
Username: elie@cisburo.com
Password: Essaab1967#
These are the SMTP submission (port 587) credentials the stealer authenticates with to mail out harvested data; treat the mailbox as attacker-controlled or compromised, and use the host and account as network and mail-log indicators rather than as anything to reuse.
Targets
Target: US 74,100.50 .xlsx (1.1MB; hashes as listed under General)
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access tool (RAT) and information stealer; the extracted configuration above is the SMTP account it exfiltrates through.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile (HTTP request for an executable under a short alphanumeric name; consistent with the Downloads MZ/PE file signature below)
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is executed; together with the SetThreadContext signature this is consistent with the payload being injected into it)
- Adds Run key to start application (persistence through a Run registry key)
- Suspicious use of SetThreadContext (typical of process hollowing or thread hijacking)
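The report gives two kinds of indicator: the sample's file digests and the AgentTesla SMTP exfiltration endpoint, plus a signature naming vbc.exe as the execution vehicle. The following is an added example, not code from the sandbox or from the report, that turns those into two checks a responder can run against host artefacts: digest matching for a suspect file, and a scan of Sysmon-style network events for connections that fit the extracted config. The event dictionaries, the field names (image, dest_host, dest_port) and the rule that a compiler binary should never speak SMTP are assumptions of this example, not facts from the report.

```python
"""
Added example (not part of the sandbox report): match host artefacts against the
IOCs this report lists. Two checks: (1) file digests against the sample's hashes,
(2) network events against the extracted AgentTesla SMTP configuration.
"""
import hashlib
from typing import Dict, Iterable, List

# Digests copied from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "b8e12d23fa9780efb407c51dd8a3767f",
    "sha1": "110487c60cd6507687a5d93b9fa2ce6e5dbd46b7",
    "sha256": "92f98059db2e215ef3ff991be89504eafea4e08c66753c9a480d03cdb0b9add9",
    "sha512": "01d11839f2339188490b518fd66baf7840c0b48d91891828107b74aa5e2ec9c5df0c8bb7b2a091e025ebbf62de47e73b7692fab62e1a9b4ee78e992cff4d0053",
}

# Exfiltration endpoint from the report's Malware Config.
SMTP_C2_HOST = "mail.cisburo.com"
SMTP_C2_PORT = 587

# Process named by the report's "Uses the VBS compiler for execution" signature.
# Assumption (not from the report): a compiler binary has no business speaking SMTP.
SUSPECT_IMAGES = {"vbc.exe"}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, for one in-memory file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch is a miss."""
    return digest_bytes(data) == SAMPLE_HASHES


def flag_smtp_exfil(events: Iterable[dict]) -> List[dict]:
    """
    Scan Sysmon-style network events (dicts with image, dest_host, dest_port;
    field names are this example's assumption) and return those consistent with
    AgentTesla SMTP exfiltration, each tagged with the reasons it was flagged.
    """
    hits = []
    for ev in events:
        image = ev.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        host = ev.get("dest_host", "").lower()
        port = ev.get("dest_port")
        reasons = []
        if host == SMTP_C2_HOST:
            reasons.append("destination is the extracted AgentTesla SMTP host")
        if port == SMTP_C2_PORT and image in SUSPECT_IMAGES:
            reasons.append(f"{image} connecting to SMTP submission port {SMTP_C2_PORT}")
        if reasons:
            hits.append({**ev, "reasons": reasons})
    return hits


# Constructed events for demonstration; they are not taken from the report.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dest_host": "mail.cisburo.com", "dest_port": 587},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "smtp.office365.com", "dest_port": 587},
    {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dest_host": "203.0.113.5", "dest_port": 80},
]

if __name__ == "__main__":
    for hit in flag_smtp_exfil(SAMPLE_EVENTS):
        print(hit["image"], "->", f"{hit['dest_host']}:{hit['dest_port']}", hit["reasons"])
    print("empty file matches sample:", matches_sample(b""))
```

Only the first constructed event is flagged: Outlook talking to its own mail provider on 587 is benign, and the vbc.exe HTTP connection on port 80 is the download stage that the Suricata rule above covers on the wire; the report gives no download URL, so this example deliberately adds no host-side rule for it.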