General
- Target: PRINT.doc
- Size: 3KB
- Sample: 210727-sja5akvxlx
- MD5: 66dd7813d08a65abe076c78f3b2e2699
- SHA1: cd2a9026496865e395723ccb68a39fabeed06f2c
- SHA256: c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a
- SHA512: 68cd37dab8b5c57ee6552671fda211f6f8f120024f6ad4a21462e1e9b5114091a4ef39cf1359eb0c76d69c58e2c02cba0055868a2b13b48267f392db750e96ac
Static task
- static1

Behavioral task
- behavioral1
  - Sample: PRINT.doc
  - Resource: win7v20210408

Behavioral task
- behavioral2
  - Sample: PRINT.doc
  - Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: chamara.kuruppu@organigram-ca.icu
- Password: HELPMEGOD@1321
Targets
- Target: PRINT.doc
- Size: 3KB
- MD5: 66dd7813d08a65abe076c78f3b2e2699
- SHA1: cd2a9026496865e395723ccb68a39fabeed06f2c
- SHA256: c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a
- SHA512: 68cd37dab8b5c57ee6552671fda211f6f8f120024f6ad4a21462e1e9b5114091a4ef39cf1359eb0c76d69c58e2c02cba0055868a2b13b48267f392db750e96ac
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext