General
Target: 698745.doc
Size: 11KB
Sample: 221003-jspx5aeag9
MD5: 3b9b303091bd2ad953d52b4689aea888
SHA1: c7c9d4d948f78c408dd7a387da8269dc33f27e04
SHA256: 10d50a09310d58a5c545642cb554c0480af907ff610165151365146f56fd5642
SHA512: b24bbe23006f99f26610a4e73c661236ecdfb661c552aad534508baf377a6ebd25f95f7baf3d416e3972f20d484e20b5eb203bbbdcb9811132384e199c086fc8
SSDEEP: 192:J4NurzScc+RroLUfNXtkFN3HZbrocsNAJJNP70y238nE/rA+3AZ5y9RmEUfrDx3W:Aurz9hrcANXqFN3HZbvJXPV2sn0TAzJi
Static task: static1
Behavioral task: behavioral1
  Sample: 698745.rtf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 698745.rtf
  Resource: win10v2004-20220812-en
Malware Config
Extracted
  Protocol: ftp
  Host: 192.3.223.202
  Port: 21
  Username: ftplogs
  Password: sPkZ7jK7P6aA
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://192.3.223.202
  Port: 21
  Username: ftplogs
  Password: sPkZ7jK7P6aA
Targets
Target: 698745.doc
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext