General
- Target: PURCHASE ORDER.doc
- Size: 26KB
- Sample: 221205-ssgfescb69
- MD5: 996b113dfcf00012539bbca65d886074
- SHA1: b05ce7726b68786c9ffbae7ae42ac4d18c6e1c39
- SHA256: 776c5e0b503498c97326589010eb397bbb756af1a8c49851ed7d4be56a8dc0b8
- SHA512: 7b0a44a9b13e100086e6a77ec79ad600f40e072f32f1658805cc916bf27b8ece6c29b2788401becf040396cfa6e925c1925b19b2fc3e32c9d37f72d717bd4aaa
- SSDEEP: 768:mFx0XaIsnPRIa4fwJM7ta37OCTz2ifuo6/p:mf0Xvx3EMxa3gGY/p
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER.rtf
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: PURCHASE ORDER.rtf
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: hnxqezadblabdsss
Targets
- Target: PURCHASE ORDER.doc
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext