General
-
Target
N DOCUMENTS.exe
-
Size
1.1MB
-
Sample
231204-ld7whaac64
-
MD5
440faaa42ef0d21bd30d04585880605f
-
SHA1
1f285bac25369f93edde9d6077af7ac81e86edb1
-
SHA256
5c4936b5fb84ffef88404aa02b889bd1bb3edb999e70d7b3a1fd179c6fef96ac
-
SHA512
110be6b3ed1ca2412c7122b73fd22b3b9807649b382469d017284a39b2fb1bbc502bacf1542873cb977a90048b03504ba079c49453216bb5b7acd9a75f667f2c
-
SSDEEP
12288:/ndw0fWL//kwmoPdNKPvnAEkIrmLLyoVyXPyH32hQyiqwUqAlL1WTw9U:VtfWLnkwnmPAEbrmqPmsuSqtw9
Static task
static1
Behavioral task
behavioral1
Sample
N DOCUMENTS.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
N DOCUMENTS.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1154163108810588211/AgBZL7rJGi1lCJ3uO1rvgKfc1qmRuByZTYoR6aW5Mhtyib0G80WMYTnWUdgK97WvE8rG
Targets
-
-
Target
N DOCUMENTS.exe
-
Size
1.1MB
-
MD5
440faaa42ef0d21bd30d04585880605f
-
SHA1
1f285bac25369f93edde9d6077af7ac81e86edb1
-
SHA256
5c4936b5fb84ffef88404aa02b889bd1bb3edb999e70d7b3a1fd179c6fef96ac
-
SHA512
110be6b3ed1ca2412c7122b73fd22b3b9807649b382469d017284a39b2fb1bbc502bacf1542873cb977a90048b03504ba079c49453216bb5b7acd9a75f667f2c
-
SSDEEP
12288:/ndw0fWL//kwmoPdNKPvnAEkIrmLLyoVyXPyH32hQyiqwUqAlL1WTw9U:VtfWLnkwnmPAEbrmqPmsuSqtw9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-