General
Target: Product Inquire List.doc.7z
Size: 391KB
Sample: 211020-tczshahcd4
MD5: 30698b5ec08b5fbba3e2cc221b28514a
SHA1: 8a9b9bd58df14e670dda79a958b479ac70e39bc7
SHA256: 8e1d55739d99a55b72697d59395db4835a0e6423fdc93647c881d6573bc04bbe
SHA512: 250284d522f7e2e5d5830efd7d9e4bf7c72a409f5d3f406c7e1f3b6fe35f132d5b207d33fe9bbd1e16aa45a10a6f2176600d66e773606b60f202651a656950fa
Static task
static1
Behavioral task
behavioral1
Sample: Product Inquire List.doc.exe
Resource: win7-en-20210920
Behavioral task
behavioral2
Sample: Product Inquire List.doc.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.ecurs.ro/
Port: 21
Username: [email protected]
Password: t&,QuY0fJi5R
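The extracted config is the exfiltration endpoint this sample logs into, so the fields above translate directly into network detection content. The following is an added example (not part of the sandbox report): it derives the hostname from the extracted Host URL, correlates DNS lookups of that name with FTP sessions to the resolved address, and flags the hard-coded password on the control channel (plain FTP on port 21 sends PASS in cleartext). The username is redacted on the page and is therefore not used. The log lines, the client address 10.0.0.12 and the resolved IPs are constructed placeholders in a simplified one-record-per-line format, not real traffic.

```python
"""Network detection for the extracted AgentTesla FTP exfiltration config.

Added example, not part of the sandbox report. The log lines are constructed
in a simplified one-record-per-line format (DNS answers and FTP control-channel
commands); client and resolved IPs are placeholders from documentation ranges.
"""
import re
from urllib.parse import urlparse

# Fields as extracted by the sandbox from this sample. The username is redacted
# on the report page, so it is not used here.
AGENTTESLA_CONFIG = {
    "protocol": "ftp",
    "host": urlparse("ftp://ftp.ecurs.ro/").hostname,  # -> "ftp.ecurs.ro"
    "port": 21,
    "password": "t&,QuY0fJi5R",
}

DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) dns (?P<name>\S+) (?P<ip>\S+)$")
FTP_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+):(?P<cport>\d+) -> (?P<server>\S+):(?P<sport>\d+) "
    r"ftp (?P<cmd>[A-Z]+)(?: (?P<arg>.*))?$"
)


def find_exfil(log_text, cfg=AGENTTESLA_CONFIG):
    """Correlate DNS lookups of the config host with FTP sessions to the
    resolved address, and flag the hard-coded password wherever it appears
    (plain FTP sends PASS in cleartext, so it is visible on the wire)."""
    c2_ips = set()
    alerts = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m:
            if m["name"].lower() == cfg["host"]:
                c2_ips.add(m["ip"])
                alerts.append({"ts": m["ts"], "client": m["client"],
                               "reason": "dns-lookup-of-c2", "detail": m["name"]})
            continue
        m = FTP_RE.match(line)
        if not m:
            continue
        reasons = []
        to_c2 = m["server"] in c2_ips and int(m["sport"]) == cfg["port"]
        if to_c2:
            reasons.append("ftp-session-to-c2")
        if m["cmd"] == "PASS" and m["arg"] == cfg["password"]:
            reasons.append("hardcoded-exfil-password")
        if m["cmd"] == "STOR" and to_c2:
            reasons.append("upload-to-c2")
        # Never copy the password itself into the alert record.
        detail = m["cmd"] if m["cmd"] == "PASS" else f"{m['cmd']} {m['arg'] or ''}".strip()
        for r in reasons:
            alerts.append({"ts": m["ts"], "client": m["client"], "reason": r, "detail": detail})
    return alerts


# Constructed log: one infected host talking to the extracted C2, one unrelated FTP session.
SAMPLE_LOG = """\
2021-10-20T14:01:59Z 10.0.0.12 dns ftp.ecurs.ro 203.0.113.5
2021-10-20T14:02:01Z 10.0.0.12:49812 -> 203.0.113.5:21 ftp PASS t&,QuY0fJi5R
2021-10-20T14:02:03Z 10.0.0.12:49812 -> 203.0.113.5:21 ftp STOR upload.html
2021-10-20T14:05:10Z 10.0.0.13 dns files.example.net 198.51.100.7
2021-10-20T14:05:12Z 10.0.0.13:50120 -> 198.51.100.7:21 ftp PASS hunter2
2021-10-20T14:05:14Z 10.0.0.13:50120 -> 198.51.100.7:21 ftp STOR report.pdf
"""

if __name__ == "__main__":
    for a in find_exfil(SAMPLE_LOG):
        print(a)
```

The DNS pivot only works where resolver traffic is visible to the sensor; the password match is independent of it and catches a client that was given the server IP directly, but neither helps once the operator moves the account to FTPS, so the hostname and the SHA256 values in this report remain the durable indicators.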
Targets
Target: Product Inquire List.doc.exe
Size: 440KB
MD5: 05270120d0e5f9d72a2809c6bf5180b0
SHA1: ba724979e7f6f46ac33e096180ad531c1a37e9ca
SHA256: 0a2521fb76fe94f9c8dff781b757fde0eabebb9abcc5038a6e2bc1a0fa17458e
SHA512: 647e209489afcf38c81ad61060c5e70e4a6d0d5aa6a2a4941cbbbf1980cb4252fdb5a180f39a5b8556d4e9974350e56f47dd9db4db74d81bb84e992c9d56fc1f
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (its early versions were written in Visual Basic .NET). It harvests credentials and keystrokes from the infected host and, in this sample, exfiltrates them over plain FTP to the host in the extracted config.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
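"Suspicious use of SetThreadContext" is the signature a sandbox raises when a process rewrites another thread's register context; in .NET stealers of this family that is usually the last step of process hollowing, where the loader creates a process suspended, overwrites its image, points the main thread's entry point at the injected code and resumes it. The following is an added example (not from the report or the sandbox vendor) showing how to turn a per-process API trace into that finding instead of alerting on the single call: it reports only callers that complete the ordered sequence CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread, and ignores a launcher that suspends and resumes a child without writing into it. The trace format, the pids, the handle values and the victim path C:\hypothetical\host.exe are constructed placeholders; the process this sample actually targets is not stated on the page.

```python
"""Process-hollowing detector over a per-process API trace.

Added example, not part of the sandbox report. The trace below is constructed:
a sandbox would emit its own format, and the victim path is a hypothetical
placeholder, not the process this sample actually targets.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess


@dataclass
class ApiCall:
    pid: int      # process issuing the call
    api: str      # Win32 API name as logged by the sandbox
    args: dict = field(default_factory=dict)


def find_hollowing(trace):
    """Return one finding per caller/victim pair that completes the sequence
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
    -> ResumeThread in order. Incomplete or out-of-order sequences (a launcher
    that suspends and resumes a child without writing) are not reported."""
    by_proc = {}    # (caller pid, hProcess) -> progress state
    by_thread = {}  # (caller pid, hThread)  -> key into by_proc
    findings = []
    for c in trace:
        a = c.args
        if c.api == "CreateProcess":
            if a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                key = (c.pid, a["hProcess"])
                by_proc[key] = {"stage": 1, "victim": a.get("lpApplicationName"), "writes": 0}
                by_thread[(c.pid, a["hThread"])] = key
        elif c.api == "WriteProcessMemory":
            st = by_proc.get((c.pid, a["hProcess"]))
            if st and st["stage"] in (1, 2):  # any number of writes before the context swap
                st["stage"] = 2
                st["writes"] += 1
        elif c.api in ("SetThreadContext", "ResumeThread"):
            st = by_proc.get(by_thread.get((c.pid, a["hThread"])))
            if st is None:
                continue
            if c.api == "SetThreadContext" and st["stage"] == 2:
                st["stage"] = 3  # entry point redirected into the written image
            elif c.api == "ResumeThread" and st["stage"] == 3:
                st["stage"] = 4  # victim now runs the injected payload
                findings.append({"caller": c.pid, "victim": st["victim"], "writes": st["writes"]})
    return findings


VICTIM = r"C:\hypothetical\host.exe"  # placeholder, not the real target process

# Constructed trace: one hollowing sequence plus two benign look-alikes.
SAMPLE_TRACE = [
    # pid 1234: the unpacked payload hollowing a freshly created process
    ApiCall(1234, "CreateProcess", {"lpApplicationName": VICTIM, "dwCreationFlags": CREATE_SUSPENDED,
                                    "hProcess": 0x1A4, "hThread": 0x1A8}),
    ApiCall(1234, "NtUnmapViewOfSection", {"hProcess": 0x1A4, "BaseAddress": 0x400000}),
    ApiCall(1234, "VirtualAllocEx", {"hProcess": 0x1A4, "lpAddress": 0x400000, "dwSize": 0x6E000}),
    ApiCall(1234, "WriteProcessMemory", {"hProcess": 0x1A4, "lpBaseAddress": 0x400000, "nSize": 0x400}),
    ApiCall(1234, "WriteProcessMemory", {"hProcess": 0x1A4, "lpBaseAddress": 0x401000, "nSize": 0x6D000}),
    ApiCall(1234, "SetThreadContext", {"hThread": 0x1A8}),
    ApiCall(1234, "ResumeThread", {"hThread": 0x1A8}),
    # pid 900: a launcher that creates a child suspended and resumes it untouched (benign)
    ApiCall(900, "CreateProcess", {"lpApplicationName": r"C:\hypothetical\child.exe",
                                   "dwCreationFlags": CREATE_SUSPENDED, "hProcess": 0x2B0, "hThread": 0x2B4}),
    ApiCall(900, "ResumeThread", {"hThread": 0x2B4}),
    # pid 700: writes into a child it did not create suspended, so not the hollowing pattern
    ApiCall(700, "CreateProcess", {"lpApplicationName": r"C:\hypothetical\other.exe",
                                   "dwCreationFlags": 0, "hProcess": 0x3C0, "hThread": 0x3C4}),
    ApiCall(700, "WriteProcessMemory", {"hProcess": 0x3C0, "lpBaseAddress": 0x10000, "nSize": 0x100}),
]

if __name__ == "__main__":
    for f in find_hollowing(SAMPLE_TRACE):
        print(f"pid {f['caller']} hollowed {f['victim']} after {f['writes']} write(s)")
```

Keying the state on the caller's handles is what lets the detector stay quiet for the two benign sequences; a real trace will also contain NtUnmapViewOfSection and VirtualAllocEx between creation and the writes, which the detector tolerates because it only advances on the four calls it cares about.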