General
- Target: f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf
- Size: 58KB
- Sample: 231203-b7fzrsgh36
- MD5: 6ee6e6e58e88fbb222f7b1c8e37973d7
- SHA1: fad289b5872a39a24d151ba59102c8d7c2e73e35
- SHA256: f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf
- SHA512: 439dd171e5fcb4d30928b2fa19f17f709ca5056ae097a03decd7b9df6da5726eaf3b93499958660cecf75eef0d25d575216e5b6009f3ff68756c949ff272abc8
- SSDEEP: 1536:zU3fjdJnp5MMS+IX/tlKcEVM0l+Sdym9NEPTpKzEjs3jHBE:XtlKc2fl+SdBHErpKzEjs3LO
Static task: static1
Behavioral task: behavioral1
- Sample: f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf.rtf
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf.rtf
- Resource: win10v2004-20231130-en
Malware Config
Targets
- Target: f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf
- Size: 58KB
- MD5: 6ee6e6e58e88fbb222f7b1c8e37973d7
- SHA1: fad289b5872a39a24d151ba59102c8d7c2e73e35
- SHA256: f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf
- SHA512: 439dd171e5fcb4d30928b2fa19f17f709ca5056ae097a03decd7b9df6da5726eaf3b93499958660cecf75eef0d25d575216e5b6009f3ff68756c949ff272abc8
- SSDEEP: 1536:zU3fjdJnp5MMS+IX/tlKcEVM0l+Sdym9NEPTpKzEjs3jHBE:XtlKc2fl+SdBHErpKzEjs3LO
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext