General
- Target: Product list Tc Tradings.xlsx
- Size: 369KB
- Sample: 211021-gx7ydshhe7
- MD5: 82499a429719b67772ab2e25c560a226
- SHA1: 7cbbcf69fb796d54aebceaed86633ddb94ee28bd
- SHA256: a946c12c780ffb5e8cf5fcaa99256c9a5370e22534f64131db2027a648da524c
- SHA512: 7f347da6ee328aabcb11b42524e93953aef5385632052220f2df04f8e8da13fe949d66db2ab6d6ee66026fc30be0e4bd27f5b702ecf45ded0c50856c62ad1514
Static task
- static1

Behavioral task
- behavioral1
  Sample: Product list Tc Tradings.xlsx
  Resource: win7-en-20210920

Behavioral task
- behavioral2
  Sample: Product list Tc Tradings.xlsx
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.croatiahunt.com
- Port: 587
- Username: info@croatiahunt.com
- Password: VilaVrgade852
Targets
- Target: Product list Tc Tradings.xlsx
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext