General
-
Target
PI.xlsx
-
Size
110KB
-
Sample
220725-k435kabgdn
-
MD5
f3fbcbf9a28dc9aa9c541e4d170ca71c
-
SHA1
3da20744fb4ab31cbd6b5d8fedf1de8f9567b502
-
SHA256
53c7bb8800c559d15b805410bf6f9d38b0a090f25e685c87c307c7509b8726e8
-
SHA512
20b39da819591d0696c61cdb56da1653a3c5e8b612db47c757e483a720e08f0fc7a2b41441b3d87082edd0975052abf5630e1f1da20eb2410eb7f81c3cdb259f
Static task
static1
Behavioral task
behavioral1
Sample
PI.xlsx
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
PI.xlsx
Resource
win10v2004-20220721-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocument
Targets
-
-
Target
PI.xlsx
-
Size
110KB
-
MD5
f3fbcbf9a28dc9aa9c541e4d170ca71c
-
SHA1
3da20744fb4ab31cbd6b5d8fedf1de8f9567b502
-
SHA256
53c7bb8800c559d15b805410bf6f9d38b0a090f25e685c87c307c7509b8726e8
-
SHA512
20b39da819591d0696c61cdb56da1653a3c5e8b612db47c757e483a720e08f0fc7a2b41441b3d87082edd0975052abf5630e1f1da20eb2410eb7f81c3cdb259f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
AgentTesla payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-