General
- Target: DELIVERY FOLLOW UP.XLSX.exe
- Size: 481KB
- Sample: 211021-m1ph4sabg5
- MD5: 75c0f9a2900015e3b9ab6b5433706786
- SHA1: 787a8a7cd60f220e41b0aed7605db324c06dc786
- SHA256: d794df300789db006c10efb29a8cd2683c72070312700eff88f82e40c5548667
- SHA512: e13e8d0fb150a033f9a1e5544a25494fec5f3fb8476d80c0c3fcd45399a44c269a79c40bcc443fe3efd6b595c898b06e714996b36a1076034ca29075ac09d6ec
Static task
- static1
Behavioral task
- behavioral1
  - Sample: DELIVERY FOLLOW UP.XLSX.exe
  - Resource: win7-en-20210920
Behavioral task
- behavioral2
  - Sample: DELIVERY FOLLOW UP.XLSX.exe
  - Resource: win10-en-20211014
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.bulletproofprotections.com
- Port: 587
- Username: account@bulletproofprotections.com
- Password: Everest10account
These are the credentials of the attacker-controlled mailbox the stealer logs into over SMTP submission (port 587) to send the data it collects; the host, port and account are the network indicators to hunt for.
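As an added example (not part of the sandbox report), the following Python parses the extracted configuration in the report's own "Key: value - Key: value" layout, reduces it to network IOCs without carrying the password along, and hunts for those IOCs in telemetry. The log records, their field names (ts/type/src/...), the resolved IP 203.0.113.7 and the timestamps are constructed for the example and are assumptions, not data from the sandbox run.

```python
"""Turn the extracted AgentTesla SMTP config into IOCs and hunt for them in telemetry.

Added example; not part of the sandbox report. Log records are constructed and
their layout (dicts with ts/type/src fields) is an assumption.
"""
import re

# The extracted config as the report lists it; hostname, port and account are
# the report's real indicators, only the one-line layout is reproduced here.
CONFIG_TEXT = (
    "Protocol: smtp - Host: mail.bulletproofprotections.com - Port: 587 "
    "- Username: account@bulletproofprotections.com - Password: Everest10account"
)

# Constructed telemetry (not from the sandbox run): DNS, connection and SMTP
# records. 203.0.113.7 is a documentation address standing in for the C2 IP.
SAMPLE_LOGS = [
    {"ts": "2021-10-21T10:02:11Z", "type": "dns", "src": "10.0.0.15",
     "query": "mail.bulletproofprotections.com", "answers": ["203.0.113.7"]},
    {"ts": "2021-10-21T10:02:12Z", "type": "conn", "src": "10.0.0.15",
     "dst": "203.0.113.7", "dport": 587, "proto": "tcp"},
    {"ts": "2021-10-21T10:05:40Z", "type": "conn", "src": "10.0.0.22",
     "dst": "203.0.113.7", "dport": 443, "proto": "tcp"},
    {"ts": "2021-10-21T10:06:01Z", "type": "dns", "src": "10.0.0.22",
     "query": "www.example.com", "answers": ["192.0.2.10"]},
    {"ts": "2021-10-21T10:07:30Z", "type": "smtp", "src": "10.0.0.31",
     "user": "account@bulletproofprotections.com"},
]


def parse_config(text: str) -> dict:
    """Parse a 'Key: value - Key: value' line into a dict with lowercase keys.

    The lookahead ends each value at the next ' - Key:' separator, so values
    containing '@', '.' or digits survive intact, and a missing space before
    the dash (as in the raw page text 'smtp- Host:') is tolerated.
    """
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s+\w+:|$)", text)
    return {key.lower(): value.strip() for key, value in pairs}


def iocs_from_config(cfg: dict) -> dict:
    """Keep only what a hunt needs; the password stays out of shared IOC lists."""
    return {
        "host": cfg["host"].lower(),
        "port": int(cfg["port"]),
        "account": cfg["username"].lower(),
    }


def hunt(records: list, iocs: dict) -> list:
    """Return (rule, src, ts) tuples for records touching the exfil channel.

    Two-step correlation: DNS answers for the C2 hostname give its IPs, then
    connections to those IPs on the configured port are flagged. A DNS query
    alone is reported too, since a host whose SMTP session was blocked is
    still infected. Connections to the same IP on other ports are ignored
    because a shared mail host may serve unrelated traffic.
    """
    hits = []
    resolved = set()
    for rec in records:  # pass 1: learn what the C2 name resolved to
        if rec["type"] == "dns" and rec["query"].lower() == iocs["host"]:
            resolved.update(rec.get("answers", []))
            hits.append(("dns_query_c2_host", rec["src"], rec["ts"]))
    for rec in records:  # pass 2: connections and SMTP logins on the channel
        if rec["type"] == "conn" and rec["dst"] in resolved and rec["dport"] == iocs["port"]:
            hits.append(("conn_c2_host_port", rec["src"], rec["ts"]))
        elif rec["type"] == "smtp" and rec.get("user", "").lower() == iocs["account"]:
            hits.append(("smtp_auth_c2_account", rec["src"], rec["ts"]))
    return hits


if __name__ == "__main__":
    for rule, src, ts in hunt(SAMPLE_LOGS, iocs_from_config(parse_config(CONFIG_TEXT))):
        print(f"{ts} {src} {rule}")
```

The SMTP rule keys on the configured username rather than the password: the account name identifies the exfil channel in mail-gateway logs, while the extracted password belongs to a third party's mailbox and should be handled as evidence, not used to log in.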
Targets
- Target: DELIVERY FOLLOW UP.XLSX.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; it harvests credentials from browsers and mail clients and sends them out, in this sample over SMTP to the mailbox in the extracted config.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (mail-client credential harvesting)
- Suspicious use of SetThreadContext (the call used after creating a process with a suspended primary thread to redirect execution into injected code, the process-hollowing pattern)