General
-
Target
6.doc
-
Size
39KB
-
Sample
230609-qrfrdsda6t
-
MD5
9be3fa22dac05f9f4849783b95fb2ad1
-
SHA1
4907ef28bd43a4398ae9eba0637044d3ad255593
-
SHA256
6084618816056a1e0afb21c42e0dd0d7e6846296e7bbc2a6f905b832bfe94aa6
-
SHA512
7d5208c8cf70999f8dee34e7d3052de746170f7042ace4208ba63dce4742c5bec046576be4a14c03a57fd439ae67087421c2c336c467a4b2ee0ef33c08d03197
-
SSDEEP
768:lFx0XaIsnPRIa4fwJMvPM98LbV1B7GMCrQEun16Bx0qbpcRUDdsmKjkRA3:lf0Xvx3EMXM2bV11dCron16jVb2xmRA3
Static task
static1
Behavioral task
behavioral1
Sample
6.rtf
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6.rtf
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6065390312:AAHITY0Cpait9qz75kHoNw30slpj1yIIn7Y/
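The extracted configuration shows this sample exfiltrating through the Telegram Bot API rather than SMTP or FTP. The block below is an added example written for this report, not output of the sandbox or code from the malware: it parses the extracted URL into a bot ID and token, then scans proxy log lines for requests to that bot so the campaign can be told apart from other traffic to api.telegram.org. The log lines, source addresses and the five-field log format are constructed for the example; the only grounded input is the URL above. The token-shape check (numeric bot ID, colon, 35 characters of `[A-Za-z0-9_-]`) is Telegram's customary token layout and is reported as a flag rather than used to drop records.

```python
"""Added example: turn the Telegram Bot API URL extracted from the Agent Tesla
configuration into indicators and look for that exfiltration channel in proxy
logs. Illustrative tooling written for this report, not part of the sandbox's
output. The log lines and hosts below are constructed."""
import re
from urllib.parse import urlsplit

# Exfiltration endpoint exactly as extracted from the sample's configuration above.
EXTRACTED_C2 = "https://api.telegram.org/bot6065390312:AAHITY0Cpait9qz75kHoNw30slpj1yIIn7Y/"

# Bot tokens have the form "<numeric bot id>:<35 chars of [A-Za-z0-9_-]>".
TOKEN_RE = re.compile(r"^(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})$")
# Bot API paths are "/bot<token>/<method>"; the config only carries the base path.
BOT_PATH_RE = re.compile(r"^/bot(?P<token>[^/\s]+)(?:/(?P<method>[A-Za-z]+))?/?$")


def parse_telegram_bot_url(url):
    """Describe a Telegram Bot API URL, or return None if it is not one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    token = m.group("token")
    tok = TOKEN_RE.match(token)
    return {
        "token": token,
        "bot_id": int(tok.group("bot_id")) if tok else None,
        "method": m.group("method"),          # e.g. "sendDocument"; None for the bare base URL
        "token_format_ok": tok is not None,   # malformed tokens are still reported, just flagged
    }


def find_bot_api_exfil(log_lines, known_tokens=frozenset()):
    """Scan proxy log lines of the constructed shape "<ts> <src> <verb> <url> <status>".

    Every request under /bot<token>/ is returned; known_token says whether the token
    matches one extracted from a sample, so an analyst can separate this campaign
    from other bot traffic to the same host."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # not in the expected five-field shape
        ts, src, verb, url, status = fields
        info = parse_telegram_bot_url(url)
        if info is None:
            continue
        hits.append({
            "ts": ts, "src": src, "http_verb": verb, "status": status,
            "bot_id": info["bot_id"], "api_method": info["method"],
            "token_format_ok": info["token_format_ok"],
            "known_token": info["token"] in known_tokens,
        })
    return hits


# Constructed sample log lines (not from the sandbox run): one host uploads a
# document to the extracted bot, another hits a different, malformed bot token.
LOG_LINES = [
    "2023-06-09T10:12:01Z 10.0.0.21 GET https://www.microsoft.com/ 200",
    "2023-06-09T10:12:44Z 10.0.0.21 POST https://api.telegram.org/bot6065390312:AAHITY0Cpait9qz75kHoNw30slpj1yIIn7Y/sendDocument 200",
    "2023-06-09T10:13:02Z 10.0.0.35 GET https://api.telegram.org/ 200",
    "2023-06-09T10:13:30Z 10.0.0.35 POST https://api.telegram.org/bot123456:notavalidtoken/sendMessage 404",
]

if __name__ == "__main__":
    cfg = parse_telegram_bot_url(EXTRACTED_C2)
    print(f"bot id {cfg['bot_id']}, token {cfg['token']}")
    for hit in find_bot_api_exfil(LOG_LINES, known_tokens={cfg["token"]}):
        print(hit)
```

The configuration carries only the base path; the API method (for example sendDocument) is appended at run time, so match on the token, not on the full URL. Blocking api.telegram.org outright is rarely acceptable where Telegram is used legitimately; the token is the indicator that is specific to this sample, and it is also what a takedown report to Telegram needs.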
Targets
-
-
Target
6.doc
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET; this sample is configured to exfiltrate over the Telegram Bot API (see Malware Config above).
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-