General
- Target: Order - P1145912.xlsx
- Size: 301KB
- Sample: 211021-gzc6ssagep
- MD5: 5e61206f35ec665f82cb562446e4ab46
- SHA1: c88163a81f28e19aad85b985d142440dce3ac4a9
- SHA256: 22bcae8baae7943034893204a48cb713ad2ab2ecaa2b0c5f781576291fcc15ab
- SHA512: 2d787df6684fc1dcc81bee85286db4c6584932f0430e60b9f2f4c582ded602a4d026d37492661a806e14e068e15aa62fb14807a8569ed83fc0322fce2014dddf
Static task
- static1
Behavioral task
- behavioral1: Sample Order - P1145912.xlsx, Resource win7-en-20210920
- behavioral2: Sample Order - P1145912.xlsx, Resource win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.everywhere-gtt.com
- Port: 587
- Username: james@everywhere-gtt.com
- Password: chidiebere1994
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext