General
- Target: SKMBT-26492048.doc
- Size: 29KB
- Sample: 221207-nxbzaade34
- MD5: 2a9416fdb9589a08d47ee77c605135f7
- SHA1: 6bd96607cf10750439eee6f8e36d3ad49c42c37a
- SHA256: d46b345892a5710fff0d9d3bb4293cf0ddbde73c59409bfa22baac017016e2e1
- SHA512: 5ffb3bffd0189046675a344a0d286f03b6d5556b88736cdd7b1eac54a4ef2298ff6ac0b75ba8c264d5216cf4e4cf69c1574fcef0eae3d0337443035f23a0f8bb
- SSDEEP: 768:qFx0XaIsnPRIa4fwJMXvlfCdtSKic2i92Wf9zJp:qf0Xvx3EMXtadxHFJp
Static task
- static1
Behavioral task
- behavioral1
  Sample: SKMBT-26492048.rtf
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: SKMBT-26492048.rtf
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: hnxqezadblabdsss
Targets
- Target: SKMBT-26492048.doc
- Size: 29KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext