General
-
Target
SecuriteInfo.com.Other.Malware-gen.10524.21573.xlsx
-
Size
221KB
-
Sample
221206-mlkllshh44
-
MD5
ba140575f444636137918707b2a07945
-
SHA1
92903c1427303ebcf7849b299e53ef752803f460
-
SHA256
602fdfaca2acb0ad0b3db39bec02ba51829cab885323958407eeeb3c48095d61
-
SHA512
c08dfd5118fa93df1b3d56ffb776cca9446a5bd19585b11103f9063195280db1f6cd4bd00eb9550ecaff3acb8cd0cbbd71c847aedf03750804e9e7d9714974a9
-
SSDEEP
6144:NZ+RwPONXoRjDhIcp0fDlavx+W26nAYklKqiJYF+s3:xkoqCU3
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Other.Malware-gen.10524.21573.xls
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Other.Malware-gen.10524.21573.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: host39.registrar-servers.com
Port: 587
Username: [email protected]
Password: payme nt12345
Targets
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic .NET, that harvests credentials from the host and exfiltrates them over channels such as SMTP (as in the configuration extracted above).
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
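As an added example (not part of the sandbox report), the extracted SMTP configuration and the network-related signatures above can be turned into a detection pass over endpoint network-connection events. The records below are constructed to resemble Sysmon Event ID 3 fields; the mail-client list, the SMTP port set and the IP-lookup domain list are assumptions, and the use of vbc.exe in the sample data reflects the "Uses the VBS compiler for execution" signature rather than an image name taken from the report.

```python
"""Flag network events consistent with the AgentTesla SMTP exfil config above.

Added example, not part of the sandbox report. Events are constructed to
resemble Sysmon Event ID 3 (network connection) fields.
"""
from dataclasses import dataclass

# Taken from the report's extracted config.
EXFIL_HOST = "host39.registrar-servers.com"
EXFIL_PORT = 587

# Assumption: outbound SMTP ports worth flagging when the client process
# is not a mail client.
SMTP_PORTS = {25, 465, 587}
# Assumption: processes that legitimately speak SMTP on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# Assumption: common IP-echo services; the report only says the sample uses
# "a legitimate IP lookup service" without naming it.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


@dataclass
class NetEvent:
    image: str        # Sysmon "Image": full path of the connecting process
    dest_host: str    # Sysmon "DestinationHostname"
    dest_port: int    # Sysmon "DestinationPort"


def classify(ev: NetEvent) -> list:
    """Return alert tags for one event; an empty list means nothing matched."""
    tags = []
    proc = ev.image.rsplit("\\", 1)[-1].lower()
    host = ev.dest_host.lower()
    # Exact match on the extracted C2/exfil endpoint: highest-confidence hit.
    if host == EXFIL_HOST and ev.dest_port == EXFIL_PORT:
        tags.append("agenttesla_exfil_c2")
    # Generic: SMTP from something that is not a mail client (covers
    # re-configured builds that point at a different mailbox/host).
    if ev.dest_port in SMTP_PORTS and proc not in MAIL_CLIENTS:
        tags.append("smtp_from_non_mail_client")
    # Matches the "Looks up external IP address via web service" signature.
    if host in IP_LOOKUP_HOSTS:
        tags.append("external_ip_lookup")
    return tags


def scan(events):
    """Return [(event, tags)] for every event that produced at least one tag."""
    hits = []
    for ev in events:
        tags = classify(ev)
        if tags:
            hits.append((ev, tags))
    return hits


# Constructed sample data (not from the report). vbc.exe stands in for the
# process implied by the "Uses the VBS compiler for execution" signature.
SAMPLE_EVENTS = [
    NetEvent(r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
             "host39.registrar-servers.com", 587),
    NetEvent(r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
             "api.ipify.org", 80),
    NetEvent(r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
             "smtp.office365.com", 587),
    NetEvent(r"C:\Windows\System32\svchost.exe", "update.microsoft.com", 443),
]

if __name__ == "__main__":
    for ev, tags in scan(SAMPLE_EVENTS):
        print(f"{ev.image} -> {ev.dest_host}:{ev.dest_port}  {', '.join(tags)}")
```

The exact-host rule is the IOC from this report; the two generic rules are what survive when the operator rotates mailboxes, since a compiler binary or Office child process opening port 587 remains anomalous regardless of the destination.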