General
Target: PG4636 - Confirmed .xls.exe
Size: 487KB
Sample: 211201-rqrb6sfhe4
MD5: 3ab8e681d5b85174421e23d5b3bace3f
SHA1: 60cfc87431a251f2fd1f1b1d3069999308de31a8
SHA256: 2a5ae6a4afc8079db51da67e5823ba3c8fd78da234952b0a02ad084764fed3ab
SHA512: 55c85a222aa4927ff85801af1674d0dc1843e38f0f8024f28e727bf009592ba967a536883b6e1717a84ca3e6d499a74268eee2728d47be3808759c8848e92d0a
Static task: static1
Behavioral task: behavioral1
  Sample: PG4636 - Confirmed .xls.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: PG4636 - Confirmed .xls.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.neocomjsp.com
Port: 587
Username: [email protected]
Password: f@kHRCt0
Targets
Target: PG4636 - Confirmed .xls.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext