General
- Target: ORDER N. F-1676.23.xls
- Size: 392KB
- Sample: 231205-r757naca77
- MD5: 3408974acb99e7eb86e75d116d3cbe08
- SHA1: 1d4e5df1f326f6239038b4631d3041f8c8bce8b0
- SHA256: ba24230fc982ae4d2ef597abf179e4cdebce6cbed76ea929a636821309d1e29f
- SHA512: 40c04a8e8c0232fefb623bd845597f30f0cca6ba34fe041a22d14234efe55a25b1d1ad4b9ef753fe641ff293477ff943443256bee2c00b8c2a51062dab6db2d6
- SSDEEP: 6144:Gn1m9kdbvPpeZkVl3S4qQygZpuUXyRcVlgTf+0W8r8NR/+zTlsvsgYtZlTTDyrh:GOeLtni5XgZTyqVGruU5lTSrh
Static task: static1
Behavioral task: behavioral1
- Sample: ORDER N. F-1676.23.xls
- Resource: win7-20231020-en
Behavioral task: behavioral2
- Sample: ORDER N. F-1676.23.xls
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.abi0expertise.com
- Port: 587
- Username: [email protected]
- Password: Najwa1949!
- Email To: [email protected]
Targets
- Target: ORDER N. F-1676.23.xls
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext