General
Target: INV000381021.doc
Size: 26KB
Sample: 230403-pncpwsef47
MD5: 8b33f455d3011f5b75cdf053e59ab724
SHA1: 29c35484623d8b483e4f4e2f053b873b4d08f55c
SHA256: a274aac5116a0ac420cbef327f96663a687239d4e8668a2b89ad65b6147c8fe1
SHA512: ad487296f19b63e6fcc0eb2df6d52d7bd8c10375517f0ef3a60eaf032ad9ee13afa84784b74b6df1be3a962e60c7ec3d0d7aa92c5d39d0ab238cbb73a3c12734
SSDEEP: 384:wQMmdOFNYY0aaaIswqPeOrka1+fHQJ+t3rQkRhZV1Xb14nJ33OzEQKXEq88koTs:sFx0XaIsnPRIa4fwJMdqnJ33QKXEj3j
Static task: static1
Behavioral task: behavioral1
Sample: INV000381021.rtf
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: INV000381021.rtf
Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: qbkcioyfoxstxqax
Email To: [email protected]
Targets
Target: INV000381021.doc
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext