General
Target: AWB #30996572600.xlsx
Size: 369KB
Sample: 211021-qznrzaadc3
MD5: 74027c02e183634474751315b55c279b
SHA1: d9fc823d7ccd3fde3eb79b46efb403973251e57c
SHA256: 802adde9cf7128f18f09c819b3d4db5357425db1c2b9185b286fb69cf9ae5365
SHA512: 3cb6ee8861ee7c80d72bd1246b9728f862e49ec02dcb820aebbce857e1e9a1ed5e42f001cf206dd77858c3c3d58186d9e9f75cb28950b03bce94141afd631ece
Static task: static1
Behavioral task: behavioral1
  Sample: AWB #30996572600.xlsx
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: AWB #30996572600.xlsx
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.xenonaslikno.gr
Port: 587
Username: info@xenonaslikno.gr
Password: Fox#UgJVGN#0X
Targets
Target: AWB #30996572600.xlsx
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext