General
- Target: PO 0051-23.xlsx
- Size: 1.2MB
- Sample: 230401-kw6kqaad8v
- MD5: 6971f4c7a19776526019968f4affc2d5
- SHA1: 354dc5550ddceba7961d56e640258a656be72d75
- SHA256: 6b33c07dace9e71ed184d8957a488e3ca72ab5422db0786f0282c1bdabd8a718
- SHA512: 90cc6344f93017b49070e36e55494f79d4be14941be381ef349b16333319a394c2c2b1d3933da4512600ff9dac6c2062160e3cbafc8ce57733f7463bcb93f46c
- SSDEEP: 24576:c+FxrAefs5pdoqiUXE06ZPmy/VuR7KcPJI8cc+Y9G+oC+2MJSaY:c+FxrAeXqN5TyAJhP+D2gQ6SR
Static task
- static1
Behavioral task
- behavioral1
  - Sample: PO 0051-23.xlsx
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: PO 0051-23.xlsx
  - Resource: win10v2004-20230220-en
Malware Config
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext