General
Target: scancopy02892.xlam
Size: 723KB
Sample: 231203-splkzacd59
MD5: ef4287058ac7c3164e88aa66474a9218
SHA1: aa3f637b3b8ba91de00d24f76e39aa68c64debe6
SHA256: eba8f2d59efd39860b5cb8e49e8cd1a869b8bd2dc68ca584a80a48d1a4f3ea5b
SHA512: da8bd1189c8ce7a9c0b908f0008550aa7636c6bc5b961882fcf39a6d4c88ebd20f059af83aed2e149125016b0e1da4b561cbbad23e840392b62541231d63a638
SSDEEP: 12288:IH0eV/6myhdvP/UubWUJ6PKs0G+2Q+MHx0bP/rv/jd4ltPtPJOp:IUeQmyhdXlCUJsl+m8x0b314l/xU
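To confirm that a file on disk is the sample this report describes, and to see at a glance whether it is an OOXML add-in that carries a VBA project, the following Python example is added here; it is not part of the sandbox report and not code from the malware. It embeds the report's MD5/SHA1/SHA256/SHA512 values, hashes a byte string once with all four algorithms, and unpacks the .xlam container (a zip) to look for xl/vbaProject.bin. The build_fake_xlam helper produces a constructed stand-in used only to exercise the code; only the real file will match the report's hashes.

```python
import hashlib
import io
import sys
import zipfile
from pathlib import Path

# Digests published in the report above for scancopy02892.xlam.
REPORT_HASHES = {
    "md5": "ef4287058ac7c3164e88aa66474a9218",
    "sha1": "aa3f637b3b8ba91de00d24f76e39aa68c64debe6",
    "sha256": "eba8f2d59efd39860b5cb8e49e8cd1a869b8bd2dc68ca584a80a48d1a4f3ea5b",
    "sha512": "da8bd1189c8ce7a9c0b908f0008550aa7636c6bc5b961882fcf39a6d4c88ebd20f059af83aed2e149125016b0e1da4b561cbbad23e840392b62541231d63a638",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, computed in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare every digest against the report; returns {algorithm: bool}."""
    actual = hash_bytes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def inspect_ooxml(data: bytes) -> dict:
    """
    .xlam is an Office Open XML add-in, i.e. a zip archive. Report whether the
    bytes parse as a zip, whether a VBA project (xl/vbaProject.bin) is present,
    and the member names. Non-zip input (e.g. a PE renamed to .xlam) is
    reported as is_zip=False rather than raising.
    """
    result = {"is_zip": False, "has_vba": False, "members": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            result["is_zip"] = True
            result["members"] = zf.namelist()
            result["has_vba"] = any(
                name.lower().endswith("vbaproject.bin") for name in result["members"]
            )
    except zipfile.BadZipFile:
        pass
    return result


def build_fake_xlam() -> bytes:
    """Constructed stand-in for a macro-bearing add-in; NOT the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        # vbaProject.bin is an OLE compound file; the CFB magic is enough here.
        zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python check_sample.py /path/to/scancopy02892.xlam
    blob = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else build_fake_xlam()
    print("size:", len(blob), "bytes")
    print("hash match vs report:", matches_report(blob))
    print("container:", inspect_ooxml(blob))
```

A file that passes the SHA256 check is the sample; a file that only passes the zip/VBA check is merely a macro add-in of the same shape. Treat any has_vba=True add-in received unsolicited as hostile until the project has been looked at (for example with olevba), and never open it in a non-isolated Excel.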
Static task: static1
Behavioral task: behavioral1
  Sample: scancopy02892.xlam
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: scancopy02892.xlam
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: Zcj,hK*0y{mA
Email To: [email protected]
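The extracted configuration is the most directly actionable part of the report: the sample exfiltrates over SMTP submission (TCP 587) to mail.worlorderbillions.top with hard-coded credentials. The Python example below is added for this page and is not part of the sandbox output. It parses the flattened "Key: value - Key: value" string the report shows (the two addresses are redacted on the page and are left as-is), then runs a two-stage match over Zeek-style JSON log lines: a dns.log query for the exfil host records the answered IPs, and conn.log flows to those IPs are flagged at high confidence, while any other outbound TCP 587 flow is reported at lower confidence. The log lines are constructed for the example; the field names follow Zeek's JSON output (id.resp_h, id.resp_p, query, answers).

```python
import json
import re

# Config string as the report flattens it (addresses redacted on the page).
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.worlorderbillions.top - Port: 587 "
    "- Username: [email protected] - Password: Zcj,hK*0y{mA "
    "- Email To: [email protected]"
)

KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
# Split only on a dash that is followed by one of the known keys, so dashes
# or colons inside a password or hostname cannot break the parse.
_SPLIT = re.compile(r"\s*-\s*(?=(?:" + "|".join(map(re.escape, KEYS)) + r"):)")


def parse_config(raw: str) -> dict:
    """Turn the report's one-line AgentTesla SMTP config into a dict."""
    cfg = {}
    for chunk in _SPLIT.split(raw):
        if not chunk.strip():
            continue
        key, _, value = chunk.partition(":")
        cfg[key.strip()] = value.strip()
    return cfg


# Constructed Zeek JSON records (not real traffic): one host resolves the exfil
# domain, connects to it on 587, makes a benign 443 connection, and also talks
# to an unrelated mail server on 587.
SAMPLE_LOG_LINES = [
    '{"_path":"dns","ts":1701600000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.2",'
    '"query":"mail.worlorderbillions.top","qtype_name":"A","answers":["203.0.113.10"]}',
    '{"_path":"conn","ts":1701600000.3,"uid":"C2","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10",'
    '"id.resp_p":587,"proto":"tcp","conn_state":"SF"}',
    '{"_path":"conn","ts":1701600001.0,"uid":"C3","id.orig_h":"10.0.0.5","id.resp_h":"93.184.216.34",'
    '"id.resp_p":443,"proto":"tcp","conn_state":"SF"}',
    '{"_path":"conn","ts":1701600002.0,"uid":"C4","id.orig_h":"10.0.0.5","id.resp_h":"198.51.100.7",'
    '"id.resp_p":587,"proto":"tcp","conn_state":"S0"}',
]


def scan_zeek_json(lines, cfg: dict) -> list:
    """
    Return [(uid, reason)] for records that match the extracted config.
    Stage 1: dns records querying cfg["Host"] (and remember their answers).
    Stage 2: conn records to a remembered answer IP (high confidence), else
             any outbound TCP flow to cfg["Port"] (lower confidence, noisy on
             hosts that legitimately run a mail client).
    """
    host = cfg["Host"].lower()
    port = int(cfg["Port"])
    resolved = set()
    hits = []
    records = [json.loads(line) for line in lines if line.strip()]

    for rec in records:
        if rec.get("_path") == "dns" and rec.get("query", "").lower() == host:
            resolved.update(rec.get("answers", []))
            hits.append((rec["uid"], f"dns query for exfil host {host}"))

    for rec in records:
        if rec.get("_path") != "conn":
            continue
        dst, dport = rec.get("id.resp_h"), rec.get("id.resp_p")
        if dst in resolved:
            hits.append((rec["uid"], f"flow to resolved exfil host {dst}:{dport}"))
        elif dport == port and rec.get("proto") == "tcp":
            hits.append((rec["uid"], f"outbound submission-port {port} flow to {dst}"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for uid, reason in scan_zeek_json(SAMPLE_LOG_LINES, cfg):
        print(uid, reason)
```

The DNS-correlated match is the one to alert on; the port-only match is a hunting lead, since 587 is the normal submission port for legitimate mail clients. Because the credentials are hard-coded, the mailbox on mail.worlorderbillions.top is the attacker's collection point, not a victim's, and the username/password pair is an indicator to search for in proxy and mail-gateway logs rather than something to block at the account level.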
Targets
Target: scancopy02892.xlam
Size: 723KB
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET; this sample's exfiltration channel is the SMTP account in the extracted config above.
Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (a call pattern typical of process hollowing / RunPE-style injection)