General
-
Target
ABSA Bank_Payment Advice copy.doc
-
Size
3.3MB
-
Sample
210727-d1hkcv9342
-
MD5
dc27adc9ac30cc0de96a0babf896cc74
-
SHA1
984fd4d264aad2432654aee42fefa1d2c7191081
-
SHA256
1c70882051a5b725ee8ac98b24ad6e6a1b867dcad1cdb5acf82e84fe4f8cc109
-
SHA512
cd38ba8a03d597f03278141fee445012aaa125105fbce21f4b00be697570a4505b24e31164d6ae9080720d2caa97e1b5f9b38ea0d9bb10d80407a508a9c62ba7
Static task
static1
Behavioral task
behavioral1
Sample
ABSA Bank_Payment Advice copy.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
ABSA Bank_Payment Advice copy.doc
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.meyaargroup.com - Port:
587 - Username:
[email protected] - Password:
Meyaar@123$
Targets
-
-
Target
ABSA Bank_Payment Advice copy.doc
-
Size
3.3MB
-
MD5
dc27adc9ac30cc0de96a0babf896cc74
-
SHA1
984fd4d264aad2432654aee42fefa1d2c7191081
-
SHA256
1c70882051a5b725ee8ac98b24ad6e6a1b867dcad1cdb5acf82e84fe4f8cc109
-
SHA512
cd38ba8a03d597f03278141fee445012aaa125105fbce21f4b00be697570a4505b24e31164d6ae9080720d2caa97e1b5f9b38ea0d9bb10d80407a508a9c62ba7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-