General
-
Target
Doc0750012xls.exe
-
Size
130KB
-
Sample
231204-xvdjrsed4z
-
MD5
1f5e3fcbdd05b2d7975bdba2c9397142
-
SHA1
b98fa7f58a059e2b136ac22b78b23da2fe0d78e3
-
SHA256
644a614093e652cd1f25a25e72479b6a50c3075cbf557a0549600bdbc521c3a3
-
SHA512
1bcc5627f281e4b4ffcc7f468b92d03afff4dfc2b66d7f70fd04380ec20a7c2bf1a6a3c7dca474f273c2f4c245b4760c490fb24468f0a0627a08c17526006dbf
-
SSDEEP
1536:B5rFV5vpLIr56x6UkUPmxSQNrjxsM0F48t6A3htV:B5xtLheUuxSJF492V
Static task
static1
Behavioral task
behavioral1
Sample
Doc0750012xls.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Doc0750012xls.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp
Host: server1.sqsendy.shop
Port: 587
Username: [email protected]
Password: (;1q-5*CoN.3
Extracted
agenttesla
Protocol: smtp
Host: server1.sqsendy.shop
Port: 587
Username: [email protected]
Password: (;1q-5*CoN.3
Email To: [email protected]
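The extracted config above is the sample's exfiltration channel: stolen data is sent as mail through server1.sqsendy.shop on TCP 587 with the embedded credentials. Those credentials are an indicator to hunt for, not something to log in with; the usable network IOCs are the host and port. The following is an added example (not part of the sandbox report) that parses the flattened config text as it appears on the page, emits a Suricata DNS rule for the host, and runs the indicators over constructed telemetry. The log lines use TEST-NET addresses and a simplified whitespace-separated layout assumed to mirror Zeek-style dns.log and conn.log records; the rule's sid is a placeholder.

```python
"""Turn the SMTP exfiltration config extracted above into network IOC checks.

Added example, not part of the sandbox report. Protocol, host and port are
the values shown on the page; the DNS and connection log lines below are
constructed (TEST-NET addresses) and their whitespace-separated layout is an
assumed, simplified form of Zeek-style dns.log / conn.log records.
"""
import re
from dataclasses import dataclass
from typing import Optional

# The config block as it appears flattened on the page. The mailbox
# addresses are redacted there as "[email protected]", so only host, port
# and protocol are usable as indicators.
CONFIG_TEXT = (
    "Protocol: smtp - Host: server1.sqsendy.shop - Port: 587 - "
    "Username: [email protected] - Password: (;1q-5*CoN.3 - "
    "Email To: [email protected]"
)

KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# Lazy value match terminated by " - <NextKey>:" or end of text, so a
# password containing "-" or ":" does not break the split.
_FIELD = re.compile(
    rf"(?P<key>{_KEY_ALT}):\s*(?P<value>.*?)(?=\s+-\s+(?:{_KEY_ALT}):|$)", re.S
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: Optional[str]


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the flattened 'Key: value - Key: value' config text."""
    fields = {m.group("key"): m.group("value").strip() for m in _FIELD.finditer(text)}
    return SmtpExfilConfig(
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower().rstrip("."),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
        email_to=fields.get("Email To"),
    )


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """Emit a Suricata rule that alerts on any DNS query for the exfil host."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"Agent Tesla SMTP exfil host {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; sid:{sid}; rev:1;)'
    )


def find_exfil_activity(cfg: SmtpExfilConfig, dns_lines, conn_lines):
    """Flag lookups of the exfil host and every flow to the addresses it resolved to.

    Flows on any port are reported (the operator can change it); whether the
    port equals the configured one is recorded so analysts can rank the hits.
    """
    hits, resolved = [], set()
    for line in dns_lines:
        ts, src, qname, _qtype, answer = line.split()
        if qname.lower().rstrip(".") == cfg.host:
            hits.append({"ts": ts, "src": src, "kind": "dns", "detail": f"{qname} -> {answer}"})
            resolved.add(answer)
    for line in conn_lines:
        ts, src, dst, dport, proto = line.split()
        if dst in resolved:
            hits.append({"ts": ts, "src": src, "kind": "conn",
                         "detail": f"{dst}:{dport}/{proto}",
                         "port_matches_config": int(dport) == cfg.port})
    return hits


# Constructed telemetry: one benign lookup, one lookup of the exfil host,
# then flows to the resolved address (configured port and another port).
DNS_LOG = [
    "1701700000.100 10.0.0.5 www.example.com A 198.51.100.7",
    "1701700001.200 10.0.0.5 server1.sqsendy.shop A 203.0.113.10",
]
CONN_LOG = [
    "1701700001.900 10.0.0.5 203.0.113.10 587 tcp",
    "1701700002.300 10.0.0.5 198.51.100.7 443 tcp",
    "1701700003.000 10.0.0.9 203.0.113.10 25 tcp",
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(suricata_dns_rule(cfg, sid=1000001))
    for hit in find_exfil_activity(cfg, DNS_LOG, CONN_LOG):
        print(hit)
```

The flow on port 25 is still reported because the mail host, not the port, is the stable indicator; the port-match flag only affects ranking. Resolving the host yourself during a hunt would also expose the query to the operator's resolver, so use passive DNS or existing logs instead.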
Targets
-
-
Target
Doc0750012xls.exe
-
Size
130KB
-
MD5
1f5e3fcbdd05b2d7975bdba2c9397142
-
SHA1
b98fa7f58a059e2b136ac22b78b23da2fe0d78e3
-
SHA256
644a614093e652cd1f25a25e72479b6a50c3075cbf557a0549600bdbc521c3a3
-
SHA512
1bcc5627f281e4b4ffcc7f468b92d03afff4dfc2b66d7f70fd04380ec20a7c2bf1a6a3c7dca474f273c2f4c245b4760c490fb24468f0a0627a08c17526006dbf
-
SSDEEP
1536:B5rFV5vpLIr56x6UkUPmxSQNrjxsM0F48t6A3htV:B5xtLheUuxSJF492V
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET); this sample exfiltrates over SMTP using the credentials in the extracted config.
-
Adds Run key to start application
Writes a value under the registry's CurrentVersion\Run key so the payload is launched again at each logon (persistence).
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is characteristic of process hollowing: the loader starts a process suspended, replaces its image with the payload, repoints the thread's entry point and resumes it.
-
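The two host-side behaviours above, a Run-key write and an external-IP lookup, are individually noisy but strong in combination when the same process does both. As an added example (not part of the sandbox report), the following correlates constructed Sysmon events in the shape of EventID 13 (RegistryEvent, value set) and EventID 22 (DNS query) by process instance and scores the result. The set of IP-lookup domains is an analyst-maintained assumption; the report only says a legitimate IP lookup service was used, not which one. The ProcessGuid values and file paths are constructed.

```python
"""Correlate the two host-side behaviours the report lists for this sample:
a Run-key write (persistence) and an external-IP lookup via a web service.

Added example, not part of the sandbox report. The events are constructed in
the shape of Sysmon EventID 13 (RegistryEvent, value set) and EventID 22
(DNS query) records; the IP-lookup domain list is an analyst-maintained
assumption, since the report does not say which service this sample used.
"""
import re
from collections import defaultdict

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Assumed list of services malware commonly uses to learn its public IP.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}
# Run values pointing into these directories are far more often malicious.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed Sysmon events. ProcessGuid, not ProcessId, ties events to one
# process instance, since PIDs are reused.
SYSMON_EVENTS = [
    {"EventID": 13, "ProcessGuid": "{guid-1}", "ProcessId": 4120,
     "Image": r"C:\Users\victim\AppData\Local\Temp\Doc0750012xls.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Doc0750012xls",
     "Details": r"C:\Users\victim\AppData\Roaming\Doc0750012xls.exe"},
    {"EventID": 22, "ProcessGuid": "{guid-1}", "ProcessId": 4120,
     "Image": r"C:\Users\victim\AppData\Local\Temp\Doc0750012xls.exe",
     "QueryName": "api.ipify.org", "QueryStatus": "0"},
    {"EventID": 22, "ProcessGuid": "{guid-2}", "ProcessId": 900,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.example.com", "QueryStatus": "0"},
    {"EventID": 13, "ProcessGuid": "{guid-3}", "ProcessId": 1200,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup",
     "Details": r"C:\Windows\System32\cleanup.exe"},
]


def is_run_key_write(ev) -> bool:
    return ev["EventID"] == 13 and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))


def is_ip_lookup(ev) -> bool:
    return ev["EventID"] == 22 and ev.get("QueryName", "").lower().rstrip(".") in IP_LOOKUP_DOMAINS


def triage(events):
    """Group events by process instance and score them.

    Both behaviours from one process -> high; a Run value pointing into a
    user-writable directory -> medium; any other single behaviour -> low.
    """
    procs = defaultdict(lambda: {"image": None, "run_values": [], "ip_lookups": []})
    for ev in events:
        rec = procs[ev["ProcessGuid"]]
        rec["image"] = ev["Image"]
        if is_run_key_write(ev):
            rec["run_values"].append((ev["TargetObject"], ev["Details"]))
        elif is_ip_lookup(ev):
            rec["ip_lookups"].append(ev["QueryName"])

    findings = []
    for guid, rec in procs.items():
        if not rec["run_values"] and not rec["ip_lookups"]:
            continue
        if rec["run_values"] and rec["ip_lookups"]:
            severity = "high"
        elif any(any(d in details.lower() for d in USER_WRITABLE)
                 for _, details in rec["run_values"]):
            severity = "medium"
        else:
            severity = "low"
        findings.append({"guid": guid, "image": rec["image"], "severity": severity,
                         "run_values": rec["run_values"], "ip_lookups": rec["ip_lookups"]})
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f["severity"]])
    return findings


if __name__ == "__main__":
    for finding in triage(SYSMON_EVENTS):
        print(finding["severity"], finding["image"], finding["ip_lookups"], finding["run_values"])
```

The svchost RunOnce write surfaces only as low because its value points into System32; the sample's own Run value, pointing into AppData and paired with the ipify lookup from the same ProcessGuid, is the high-confidence finding. SetThreadContext is not visible in Sysmon, so hollowing is better caught by comparing the on-disk image with the in-memory one or by API-level tracing.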