General
- Target: Invoice#P.O474746.xlsx
- Size: 602KB
- Sample: 210728-dxftjy45cn
- MD5: 80126b0c7190360c63cdfc0b57839920
- SHA1: 191ffb490653ca129ed7fe603f2d7734d3d0c157
- SHA256: dae10b4be19f81707d8c9b2fab7539a0f5a9c82ef37f5c0ee3500c161c68fb20
- SHA512: 6ccb4cf91abfa2693b79099d9e498aa24658fb1a5c6f85420487fa8998208fc6ac9caf4ca1053179e0c331cabaf411607a8e0344654c920f67d991b0a6fa0979
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice#P.O474746.xlsx
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: Invoice#P.O474746.xlsx
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.simpleitalian.com.au
- Port: 587
- Username: [email protected]
- Password: SIpassword101$
Targets
- Target: Invoice#P.O474746.xlsx
- Size: 602KB
- MD5: 80126b0c7190360c63cdfc0b57839920
- SHA1: 191ffb490653ca129ed7fe603f2d7734d3d0c157
- SHA256: dae10b4be19f81707d8c9b2fab7539a0f5a9c82ef37f5c0ee3500c161c68fb20
- SHA512: 6ccb4cf91abfa2693b79099d9e498aa24658fb1a5c6f85420487fa8998208fc6ac9caf4ca1053179e0c331cabaf411607a8e0344654c920f67d991b0a6fa0979
Score: 10/10
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- CustAttr .NET packer: Detects the CustAttr .NET packer in memory.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext