General
- Target: SHIPPING DOCUMENT.xlsx
- Size: 587KB
- Sample: 210915-hx8qcsdbbj
- MD5: 8d888bf7f0fbf737dcb6f62f58d9c00e
- SHA1: 5d8acca52c259e714e4e28a9e6ea3a36f5eb108f
- SHA256: 3368451d206d750382c2ff4c823c3a0f95952e2ce86e7fdde7b4c3e1d4d5c75b
- SHA512: ec7e95b51f72ac8182859edffe4ea68ea18d2e6c93df5ab9d850fdb63d3494fdf6eabe75c30a1ff07a5df5f99cc9eb076691fbfb70a0d84f0a16a57c9e05ab96
Static task
- static1
Behavioral task
- behavioral1: Sample SHIPPING DOCUMENT.xlsx, Resource win7v20210408
Behavioral task
- behavioral2: Sample SHIPPING DOCUMENT.xlsx, Resource win10-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ccsp-india.com
- Port: 587
- Username: jayamurugan@ccsp-india.com
- Password: Lkp$CcsP1008
AgentTesla
- Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext