General
Target: RAW Material Inquiry for Supper Alloy.doc
Size: 3KB
Sample: 210727-n2af3qde5a
MD5: 46231727958e6b8bf2f2af9eb1883ee4
SHA1: ee13a45718a614a5512ca289ecc60755561b2ae0
SHA256: 039dd5bcf3eeb08484663983831f1b6c61fcacb35a96041ab11e22855f262023
SHA512: 8b6972cdef0b0b3884f0a47313001b91f34bc1f90e6ca5d77b8165b665f6ea539703c8122e0a99c9f3dddb99b3a10fe3a5305c47842b74724c2cda4ad53377b5
Static task: static1
Behavioral task: behavioral1
  Sample: RAW Material Inquiry for Supper Alloy.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: RAW Material Inquiry for Supper Alloy.doc
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: dutchgardenfoodservices@saleperson.icu
Password: GOODGOD1234
Targets
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext