General
Target: PO-2590221021.xlsx.gz
Size: 513KB
Sample: 211023-crmytabca5
MD5: cedeb5d7fc1680ee00cabe66d22c30ad
SHA1: 6174d5f17815ea82b40dd4ebe7007f750585949a
SHA256: fad359f973b3d833cca3ed398df0f39e95a3c8e14be6a28eeafa6c3c71d2676a
SHA512: 08404d457d5bc6b1d0cad91b60f60dd82fdc9efa1accae580e6f709825a3f779129e8f0e1892f5cada8d9c9597066310c9380287a467dc995a7479990e1f56a0
Static task: static1
Behavioral task: behavioral1
  Sample: PO-2590221021.xlsx.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: PO-2590221021.xlsx.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.topfrozenfoodbrand.com
Port: 587
Username: webmaster@topfrozenfoodbrand.com
Password: Chukwudim28@
Targets
Target: PO-2590221021.xlsx.exe
Size: 705KB
MD5: 5e4930b37a31c65525ec4e308a67fb7e
SHA1: c598d2e034dd4d1e1266b8d0f047cfd629b56ab9
SHA256: a96249e0df2c88e2e047ad332ba7d2755dd6f390d39afc67de05ddfa8726e53f
SHA512: 86600dfb132d057a6f7fe4d644b8c3577ef83ed95e2986d4c2d3475c6af92db1eb7bb3ef6288b29b441e30443057c296838bb49e1980e0ed7dfafdff7a6968e4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext