General
Target: Orden de cotización.xlsx______________________________.exe
Size: 852KB
Sample: 210823-fk5y59ln7a
MD5: ef91a695fc5aef7d5c6630fd4e6b5a4f
SHA1: 36e11a1a53a68ac4eb081240062954854897ffbf
SHA256: 16a5798db6638e9ff43f3cddeeec26ee68c9294637d2c32ef8440f967dcff243
SHA512: d5483e883e94b313af7f92cb8751f0df7c30061dc1971be6706eb2ec64314dd0318c6cd346bea0c236085932e3ae62b1d0eb1eb16a4d4ba4bc85cff76a1e0d33
Static task: static1
Behavioral task: behavioral1
Sample: Orden de cotización.xlsx______________________________.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Orden de cotización.xlsx______________________________.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: serv-10708.handsonwebhosting.com
Port: 587
Username: emma@multillantaszl.com
Password: icui4cu2@@
Targets
Target: Orden de cotización.xlsx______________________________.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Suspicious use of SetThreadContext