General
Target: dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c
Size: 391KB
Sample: 231205-clq4aaha76
MD5: 2d6edf232ef2f4e9ac72de52b4b4efa5
SHA1: 2bbfb909e4e3bb1a1518e973afec5b587b59e426
SHA256: dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c
SHA512: 90cbe6288b682f688accd8a7493202d26f8a8614bc5a5bdc19743a4b8570bf7dfc47a1496f6fea759ba2319f2744e8bf17cdd6d859723cfee7ae3a4a2488c32e
SSDEEP: 6144:/n1m9kdbQS6vsB3qfLWnNnBkbE9UX3rhnpC3quvmb6SrnV3LYpMMAI:/OeuvsB351Bkr3rh9b9hr
Static task: static1
Behavioral task: behavioral1
  Sample: dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c.xls
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c.xls
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.experthvac.ro
Port: 21
Username: [email protected]
Password: -8{jszMOY*Z8(~Za0#jyP%o7VoB.0)kk^)7_
Targets
Target: dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c
Size: 391KB
MD5: 2d6edf232ef2f4e9ac72de52b4b4efa5
SHA1: 2bbfb909e4e3bb1a1518e973afec5b587b59e426
SHA256: dd94c4c0dd46a40cb71f1b59b079577c8a4f6e4a1df88533d7edfea19099729c
SHA512: 90cbe6288b682f688accd8a7493202d26f8a8614bc5a5bdc19743a4b8570bf7dfc47a1496f6fea759ba2319f2744e8bf17cdd6d859723cfee7ae3a4a2488c32e
SSDEEP: 6144:/n1m9kdbQS6vsB3qfLWnNnBkbE9UX3rhnpC3quvmb6SrnV3LYpMMAI:/OeuvsB351Bkr3rh9b9hr
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext