General
Target: SOA # 87594094.xlsx
Size: 224KB
Sample: 220521-mtdg9scdf3
MD5: 00d8cbaa1a4eb56066dae9e213bc9503
SHA1: 01aa1fb71e86714f6cba7f17b5e80ad707583e66
SHA256: f8fe8c2f2bacb1bd5b18725526e4212a035085b22b7170c0a19f4fd40fd6fa10
SHA512: 483cb412524d2f8032a19060f59e321c8c2e7a9bb86a3f081a633a4315e06ff179ddf9691cce1fcb5bfa4f5fee407616e7ca5c03dc51677d8bd900129d0aeab4
Static task: static1
Behavioral task: behavioral1
Sample: SOA # 87594094.xlsx
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SOA # 87594094.xlsx
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5368056296:AAHgHHTnRAZx9eL5AZ1arY8hwWaEJUMdR18/sendDocument
Targets
Target: SOA # 87594094.xlsx
Size: 224KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext