General
- Target: SecuriteInfo.com.Exploit.CVE-2017-11882.123.19899.13341.rtf
- Size: 8KB
- Sample: 221206-jgyqwsag8t
- MD5: b21080496cd06c4ec05a717005ac8de0
- SHA1: 19e19d2cfb4beb2b01a58e946686b65670fa1d5b
- SHA256: f7d23a1a9687e11409154eef5ff6e38b0ce19bd6747b45814cd6221ee1bc02cd
- SHA512: 2a14ea6b993798af7ef501dd2f482f3857baa0a3c2d006ac76f693d8cee5fd1751979e4599cbda29f02c7d0e637b29752f8fb2d96a8573c452bacce8f4cb4756
- SSDEEP: 192:yjuVkiWDShim94VQiCO3Ya+KizjfVQ6jNM99HTbBGG:yjuVkciizipIn9zjdBM9pBGG
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Exploit.CVE-2017-11882.123.19899.13341.rtf
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Exploit.CVE-2017-11882.123.19899.13341.rtf
- Resource: win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1048308947817353288/5ypgS4XmSt1xW_MYhzjePp8jxnOIkdnEO0OTccrP0m7sB3ynEyezAUtrX-js6a4kTsJ8
Targets
- Target: SecuriteInfo.com.Exploit.CVE-2017-11882.123.19899.13341.rtf (size and hashes as listed under General)
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext