General
Target: WELDED PIPES INDENT NO. 2122000642.doc
Size: 4KB
Sample: 210727-xnczj67t46
MD5: 5c0bc7c7186ad3356a5f3b8d2134e023
SHA1: a4bab1a1edea203951480df4c7b94ff940561f34
SHA256: 95cd0e8151fd80f473f886e8c9aa98ce10d3608a8ac9542d848634a3e0f80064
SHA512: e6ddfdf9e42836675d3e7f8c2f310e74a3765f708b0d70f84c9f3ad0ee683dc249911cab0cc2162e8028ef832afe6dc4ca106cb9feff4d445140fa9fb23ce970
Static task: static1
Behavioral task: behavioral1
Sample: WELDED PIPES INDENT NO. 2122000642.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: WELDED PIPES INDENT NO. 2122000642.doc
Resource: win10v20210410
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: davide.montorro@arss-it.me
Password: HOPEFULYETLost@1989
Targets
Target: WELDED PIPES INDENT NO. 2122000642.doc (4KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer: Detects CustAttr .NET packer in memory.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext