General
Target: Scan_Document_Doc.exe
Size: 278KB
Sample: 211019-ddcrcsfbd3
MD5: 86d8f8fa859d11ac8a88e38dfedb8d96
SHA1: c8d5464ed3413d4cf90dba99a8e96399d91b38da
SHA256: eecf91e9544651e14a9d35d25fce7301aa9e94f77338bb246c5670448b485b77
SHA512: a8d129f52f2968467a99d85ce972aaef2c32b9ab40744b9289e638155daa7849ab0bc37f55aefd477a7ac4b7c00fa989d107e7053ffafe3854f063411d135fe8
Static task: static1
Behavioral task: behavioral1
  Sample: Scan_Document_Doc.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Scan_Document_Doc.exe
  Resource: win10-en-20211014
Malware Config
Extracted family: agenttesla
Extracted exfiltration URL: https://api.telegram.org/bot2049702537:AAHkMlKpzDFOwF32VE8jmH1-TUEumKm518o/sendDocument
Targets
Target: Scan_Document_Doc.exe (278KB; hashes as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext