General
Target: HOUSELIN SPEC_RFQ10040.xlsx
Size: 1.4MB
Sample: 211018-jyd3taebam
MD5: 4258f07e6d70c23ba0ef6ee85b0eab40
SHA1: e02525db8972aad2fdd692e36fcedb5e2170f00d
SHA256: 73b7e811ea2cc73661d157f4dc28646a584f63b1614f595a390d99cde4463a74
SHA512: 20ef319ed7156e7c09bc47f72eb97b6f74ef7c7c73c4324ee9b5fe64505bad19ea7f674ccc0951c3ad2bf6ad7f618378da4bb43a892e0cf5ddcd29da1c62f73a
Static task: static1
Behavioral task: behavioral1
  Sample: HOUSELIN SPEC_RFQ10040.xlsx
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: HOUSELIN SPEC_RFQ10040.xlsx
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.abaamap.com.mx
Port: 587
Username: [email protected]
Password: 6.9)bx6}m*k}
Targets
Target: HOUSELIN SPEC_RFQ10040.xlsx (1.4MB; MD5/SHA1/SHA256/SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext