General
- Target: Payment Supplier.xlsx
- Size: 369KB
- Sample: 211021-grh23shhb2
- MD5: 02695386400579cc3dc56290575ed450
- SHA1: caa3604d4f67f440d47462619907445bec88e357
- SHA256: 2de1a61b2484311c0f90b40e7bc01cb0638c86ad2a20735af3c55adc99deaec3
- SHA512: c58cb66874954149b55eccc588f13deea18ea287819ae42d134599fc1ed9d9c36e662dc901773533d0b0b86ef4a2c3466215baa3ee56a52a051fb7ab730e9dad
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Payment Supplier.xlsx
  - Resource: win7-en-20211014
Behavioral task
- behavioral2
  - Sample: Payment Supplier.xlsx
  - Resource: win10-en-20210920
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.sgsabah.com
  - Port: 587
  - Username: belinda@sgsabah.com
  - Password: Newlife8
Targets
- Target: Payment Supplier.xlsx
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext