General
-
Target
attached MT103.xlsx
-
Size
369KB
-
Sample
211019-j5626sfde9
-
MD5
4359de779972f2e1e11722812f5fdfaf
-
SHA1
b51912d549cb4c79030a9d30bee8e0117a5f9332
-
SHA256
0ca77c81c4440102c13817bc4b1e52a844e7384e0b523021b453f15114cc0406
-
SHA512
5cdd6edc834b3eb3ea7e40e21c3445fc521cb5c435a52af6e93fa4d2524b02eee2f9b86c21ace2f38699a8e5c7dde23a5788b3c623aceb8702764ee679e3dfbb
Static task
static1
Behavioral task
behavioral1
Sample
attached MT103.xlsx
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
attached MT103.xlsx
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sgsabah.com - Port:
587 - Username:
[email protected] - Password:
Newlife8
Targets
-
-
Target
attached MT103.xlsx
-
Size
369KB
-
MD5
4359de779972f2e1e11722812f5fdfaf
-
SHA1
b51912d549cb4c79030a9d30bee8e0117a5f9332
-
SHA256
0ca77c81c4440102c13817bc4b1e52a844e7384e0b523021b453f15114cc0406
-
SHA512
5cdd6edc834b3eb3ea7e40e21c3445fc521cb5c435a52af6e93fa4d2524b02eee2f9b86c21ace2f38699a8e5c7dde23a5788b3c623aceb8702764ee679e3dfbb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-