General
Target: DELIVERY FOLLOW UP.XLSX.r11
Size: 420KB
Sample: 211021-qqnevabcaj
MD5: 86899553adf9f017fe071053a9edd0d8
SHA1: 1c84480da8740edb83047040018b202577252de0
SHA256: dcae6b8ba1455a4eab6bf470bc39993f145353a79d99c2e0da625097d87d3420
SHA512: 642374d6a9b5a4e2f2ec8d042161e56c65cdab9e3df2fd884cc992bb56ccbd29618cd63ca7ad9e6b997f26800de52e5fe22bde91a4399f3c720bbd03779208a3
Static task: static1
Behavioral task: behavioral1
  Sample: DELIVERY FOLLOW UP.XLSX.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: DELIVERY FOLLOW UP.XLSX.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bulletproofprotections.com
Port: 587
Username: account@bulletproofprotections.com
Password: Everest10account
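The extracted configuration is the sample's exfiltration channel: stolen data is sent through the listed SMTP account. The Python below is an added example (not part of this report and not AgentTesla code) that turns those fields into hunting indicators and correlates them against network telemetry. The log records are constructed Zeek-style JSON lines (dns.log / conn.log field names are an assumption) using documentation-range addresses; only the host, port and username come from the report.

```python
"""Correlate the report's extracted AgentTesla SMTP config with network logs.

Added example: not part of the sandbox report and not AgentTesla code.
Config values are the ones the report extracted; the log records below are
constructed Zeek-style JSON (dns.log / conn.log field names assumed) using
documentation-range addresses.
"""
import base64
import json

# Taken from the report's 'Malware Config' block.
AGENTTESLA_SMTP = {
    "host": "mail.bulletproofprotections.com",
    "port": 587,
    "username": "account@bulletproofprotections.com",
}


def indicator_set(cfg):
    """Indicators a hunter can pivot on.

    The base64 username is what an SMTP 'AUTH LOGIN' exchange carries; on 587
    the session is normally upgraded with STARTTLS first, so treat it as a
    secondary indicator that only helps on a cleartext capture.
    """
    return {
        "dns_query": cfg["host"].lower(),
        "dst_port": cfg["port"],
        "smtp_user": cfg["username"].lower(),
        "smtp_user_b64": base64.b64encode(cfg["username"].encode()).decode(),
    }


def _parse(lines):
    """Yield JSON records, skipping lines that are not valid JSON."""
    for line in lines:
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def scan(lines, cfg):
    """Two-pass correlation over Zeek-style records.

    Pass 1: DNS queries for the exfil host seed the resolved-IP set.
    Pass 2: TCP connections to one of those IPs on the configured port are
    flagged. Connections on 587 to other mail servers are left alone.
    """
    ind = indicator_set(cfg)
    records = list(_parse(lines))
    resolved, hits = set(), []
    for rec in records:
        query = rec.get("query", "").lower().rstrip(".")
        if rec.get("_path") == "dns" and query == ind["dns_query"]:
            resolved.update(rec.get("answers", []))
            hits.append(("dns", rec["id.orig_h"], rec["query"]))
    for rec in records:
        if (rec.get("_path") == "conn"
                and rec.get("id.resp_p") == ind["dst_port"]
                and rec.get("id.resp_h") in resolved):
            hits.append(("conn", rec["id.orig_h"],
                         f'{rec["id.resp_h"]}:{rec["id.resp_p"]}'))
    return hits


# Constructed sample telemetry (not from the report): one host resolves the
# exfil server and connects on 587; another host talks to an unrelated mail
# server on 587; a 443 connection to the exfil IP and a junk line are ignored.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1634812000.1,"id.orig_h":"10.0.0.25",'
    '"query":"mail.bulletproofprotections.com","answers":["203.0.113.10"]}',
    '{"_path":"dns","ts":1634812000.2,"id.orig_h":"10.0.0.40",'
    '"query":"smtp.example.net","answers":["198.51.100.7"]}',
    '{"_path":"conn","ts":1634812001.0,"id.orig_h":"10.0.0.25",'
    '"id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp"}',
    '{"_path":"conn","ts":1634812002.0,"id.orig_h":"10.0.0.40",'
    '"id.resp_h":"198.51.100.7","id.resp_p":587,"proto":"tcp"}',
    '{"_path":"conn","ts":1634812003.0,"id.orig_h":"10.0.0.25",'
    '"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp"}',
    'not a json record',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, AGENTTESLA_SMTP):
        print(hit)
```

The DNS lookup for the exfil host followed by a connection on 587 from a workstation that is not a mail client is the dependable pivot; the base64 AUTH LOGIN string only appears on the wire when the session was not upgraded with STARTTLS, which on port 587 is the exception.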
Targets
Target: DELIVERY FOLLOW UP.XLSX.exe
Size: 481KB
MD5: 75c0f9a2900015e3b9ab6b5433706786
SHA1: 787a8a7cd60f220e41b0aed7605db324c06dc786
SHA256: d794df300789db006c10efb29a8cd2683c72070312700eff88f82e40c5548667
SHA512: e13e8d0fb150a033f9a1e5544a25494fec5f3fb8476d80c0c3fcd45399a44c269a79c40bcc443fe3efd6b595c898b06e714996b36a1076034ca29075ac09d6ec
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic .NET; this sample exfiltrates over the SMTP account in the extracted config above.
AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
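"Suspicious use of SetThreadContext" is the sandbox's generic flag for a process redirecting a thread's entry point, which is how process hollowing hands a child created suspended over to an injected payload. The Python below is an added example, not the sandbox's signature logic and not anything from this report, that walks an API-call trace for the whole sequence (create suspended, write into the target, SetThreadContext on its primary thread, resume) and ignores a process that only touches its own threads. The trace shape (dicts with pid/api/args, handles already resolved to pids) and the events are constructed; the page does not show which process this sample actually hollows.

```python
"""Detect the process-hollowing call pattern behind the report's
'Suspicious use of SetThreadContext' signature.

Added example: not the sandbox's own rule and not from the report. The trace
format (handles already resolved to pid/tid) is an assumption, and the
events in SAMPLE_TRACE are constructed.
"""

CREATE_SUSPENDED = 0x00000004

# Writes into the target that precede the context swap. NtUnmapViewOfSection
# is deliberately not required: many hollowing stages skip it.
_WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}
_CREATE_APIS = {"CreateProcessW", "CreateProcessA", "CreateProcessInternalW"}
_SETCTX_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
_RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def find_hollowing(trace):
    """Return (source_pid, target_pid) pairs that completed the sequence:
    the source created the target suspended, wrote into it, redirected the
    target's primary thread with SetThreadContext, then resumed it.

    SetThreadContext on the caller's own threads (exception handling,
    debuggers, some runtimes) never matches, and a target that was not
    created suspended by the same caller is not considered.
    """
    suspended = {}     # target pid -> (creator pid, primary thread id)
    wrote = set()      # (creator, target) pairs with a memory write
    redirected = set() # (creator, target) pairs after SetThreadContext
    findings = []
    for ev in trace:
        api, pid, a = ev["api"], ev["pid"], ev["args"]
        if api in _CREATE_APIS and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            suspended[a["dwProcessId"]] = (pid, a["dwThreadId"])
        elif api in _WRITE_APIS and a.get("target_pid") in suspended:
            if suspended[a["target_pid"]][0] == pid:
                wrote.add((pid, a["target_pid"]))
        elif api in _SETCTX_APIS:
            tgt = a.get("target_pid")
            if (tgt is not None and tgt != pid and tgt in suspended
                    and a.get("tid") == suspended[tgt][1]
                    and (pid, tgt) in wrote):
                redirected.add((pid, tgt))
        elif api in _RESUME_APIS:
            tgt = a.get("target_pid")
            if (pid, tgt) in redirected and (pid, tgt) not in findings:
                findings.append((pid, tgt))
    return findings


# Constructed trace (not from the report). pid 1000 hollows pid 2000;
# pid 3000 sets context on its own thread; pid 1000 also spawns pid 4000
# normally and resumes a thread in it without ever having suspended it.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"dwCreationFlags": 0x4, "dwProcessId": 2000, "dwThreadId": 2001}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 2000, "tid": 2001}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000, "tid": 2001}},
    {"pid": 3000, "api": "SetThreadContext", "args": {"target_pid": 3000, "tid": 3001}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"dwCreationFlags": 0x0, "dwProcessId": 4000, "dwThreadId": 4001}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 4000, "tid": 4001}},
]

if __name__ == "__main__":
    print(find_hollowing(SAMPLE_TRACE))
```

Requiring the write and the thread redirect to come from the process that created the suspended child is what keeps the rule quiet on debuggers and on runtimes that adjust their own thread contexts; a trace that records handles instead of pids needs the handle-to-pid resolution done before this walk.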