General
-
Target
MMC Metal Corregir Cotizacin.xlsx
-
Size
369KB
-
Sample
211021-gx7ydsagel
-
MD5
540a380ba1965f4007b704d0d7ef70bf
-
SHA1
31d56fd5396db39f202e18ef94316b3a2c609e6a
-
SHA256
7f6dd49a52ad5c4d91314b2453497c6a7c8d170c3ac7dbb85ae4ec3192d21cee
-
SHA512
b98bf259f694f7a0f4e83c5d52c2d4ce394b589fb253cc18fc8231408e2d20d195450157ea8c1737619e8252e46fb26e357ed35cebe78ae9526df9b5054fa59c
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.abaamap.com.mx - Port:
587 - Username:
info@abaamap.com.mx - Password:
6.9)bx6}m*k}
Targets
-
-
Target
MMC Metal Corregir Cotizacin.xlsx
-
Size
369KB
-
MD5
540a380ba1965f4007b704d0d7ef70bf
-
SHA1
31d56fd5396db39f202e18ef94316b3a2c609e6a
-
SHA256
7f6dd49a52ad5c4d91314b2453497c6a7c8d170c3ac7dbb85ae4ec3192d21cee
-
SHA512
b98bf259f694f7a0f4e83c5d52c2d4ce394b589fb253cc18fc8231408e2d20d195450157ea8c1737619e8252e46fb26e357ed35cebe78ae9526df9b5054fa59c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-