General

Target: obizx.doc
Size: 193KB
Sample: 231206-cj7cgsab52
MD5: 91dcb6cc7abd7d1fc56b67b167ca0680
SHA1: c50d9452b93bc66d13d5dea119c416180f22a3ea
SHA256: dbf90e15084a0435f44d21631b48e8c1cddfae971f631cb06647dd6de78873b1
SHA512: a23be617a086d2572d5d45153cb14bb8eb3d8728dbc388c5c31e59ce1015d142819866848bd7927a5e903952dad56e40cf3a79c80bbaff2b62e64d7212742fbd
SSDEEP: 768:KwAbZSibMX9gRWjtwAbZSibMX9gRWjGfkiHw5A/Qok5:KwAlRkwAlRHflw5A/s
Static task: static1

Behavioral task: behavioral1
Sample: obizx.rtf
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: obizx.rtf
Resource: win10v2004-20231130-en

The submitted file carries a .doc extension but was executed as obizx.rtf: the sandbox identified the content as RTF rather than a binary Word document. Word opens RTF content under a .doc extension without complaint, so the rename does not change how the lure behaves on a victim machine; it only records what the file really is.
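The extension-versus-content mismatch above is the first thing to check on any submitted document. The following is an added triage helper, not part of the sandbox report or of any tooling it describes: it classifies a file by its leading bytes, flags the case where a .doc name hides an RTF (or OOXML) body, and compares the file's hashes with the values the report lists for obizx.doc. The `MAGIC` table, the `CLAIMED` mapping and the `SAMPLE_RTF_AS_DOC` stand-in bytes are my own constructions for the example; only the hash values are taken from the report.

```python
"""Added triage helper (not from the sandbox report): detect the real container
of a submitted document, compare it with the extension, and check the file's
hashes against the IOCs published for obizx.doc."""
import hashlib

# Hash values copied from the report above; these are the only real IOCs here.
REPORT_HASHES = {
    "md5": "91dcb6cc7abd7d1fc56b67b167ca0680",
    "sha1": "c50d9452b93bc66d13d5dea119c416180f22a3ea",
    "sha256": "dbf90e15084a0435f44d21631b48e8c1cddfae971f631cb06647dd6de78873b1",
    "sha512": "a23be617a086d2572d5d45153cb14bb8eb3d8728dbc388c5c31e59ce1015d142"
              "819866848bd7927a5e903952dad56e40cf3a79c80bbaff2b62e64d7212742fbd",
}

# Leading bytes of the containers Word will open regardless of extension.
MAGIC = (
    (b"{\\rtf", "rtf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy binary .doc (OLE compound file)
    (b"PK\x03\x04", "ooxml"),                        # .docx zip container
)

# What each extension claims its content is. RTF under .doc is the obizx case.
CLAIMED = {".doc": "ole2", ".docx": "ooxml", ".rtf": "rtf"}


def detect_container(data: bytes) -> str:
    """Return the container type implied by the first bytes, or 'unknown'."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def extension_mismatch(data: bytes, filename: str) -> bool:
    """True when the content is a different container than the extension claims.
    Unknown extensions are not judged (returns False)."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = CLAIMED.get(ext)
    return claimed is not None and detect_container(data) != claimed


def hashes(data: bytes) -> dict:
    """Hex digests for the four algorithms the report publishes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def report_matches(data: bytes) -> set:
    """Algorithms for which this file's digest equals the report's value."""
    digests = hashes(data)
    return {alg for alg, value in REPORT_HASHES.items() if digests[alg] == value}


def triage(data: bytes, filename: str) -> dict:
    """One-shot summary of the three checks for a submitted file."""
    return {
        "container": detect_container(data),
        "extension_mismatch": extension_mismatch(data, filename),
        "report_matches": report_matches(data),
    }


# Constructed stand-in: a minimal RTF body saved under a .doc name. This is NOT
# the real sample, so its hashes will not match the report.
SAMPLE_RTF_AS_DOC = b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Calibri;}} hello\\par}"

if __name__ == "__main__":
    print(triage(SAMPLE_RTF_AS_DOC, "obizx.doc"))
```

Treat the prefix match as a first filter rather than a verdict: Word's RTF reader is lenient about malformed headers (a truncated `{\rt` marker is accepted, for instance), so a sample that fails `detect_container` still deserves a look with a proper RTF parser, and a clean mismatch result says nothing about whether the document is malicious. The hash comparison is the only check here that ties a file to this specific report.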
Malware Config

Extracted
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$

Extracted (agenttesla)
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
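The extracted config gives the exfiltration endpoint (SMTP submission to cp5ua.hyperhost.ua on 587), which is the part of this report that turns directly into network detection. Below is an added example, not part of the sandbox report: it takes that host and port as indicators and runs them over constructed DNS and connection log lines, flagging the lookup of the C2 hostname, SMTP-submission connections to the IP it resolved to, and any other traffic to that IP at lower confidence. Only the hostname and port come from the report; the `Alert` class, the log formats, every IP address (from 192.0.2.0/24, reserved for documentation), and every timestamp are made up for the example. The redacted username and recipient on this page are deliberately not used.

```python
"""Added detection example (not from the sandbox report): match the extracted
AgentTesla SMTP exfiltration endpoint against DNS and connection logs."""
from dataclasses import dataclass

# Exfiltration endpoint as extracted by the sandbox.
C2_HOST = "cp5ua.hyperhost.ua"
C2_PORT = 587

# Constructed DNS log, one record per line: ts client query answer
DNS_LOG = """\
1701900000 192.0.2.50 cp5ua.hyperhost.ua 192.0.2.10
1701900001 192.0.2.51 www.example.com 192.0.2.20
1701900002 192.0.2.52 CP5UA.HYPERHOST.UA. 192.0.2.10
"""

# Constructed connection log, one record per line: ts src dst dport proto
# 192.0.2.30 stands for a legitimate mail server that also listens on 587.
CONN_LOG = """\
1701900003 192.0.2.50 192.0.2.10 587 tcp
1701900004 192.0.2.51 192.0.2.20 443 tcp
1701900005 192.0.2.52 192.0.2.10 587 tcp
1701900006 192.0.2.53 192.0.2.30 587 tcp
1701900007 192.0.2.50 192.0.2.10 443 tcp
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def _records(log: str):
    """Yield whitespace-split fields of each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            yield line.split()


def resolve_ioc_ips(dns_log: str, host: str) -> set:
    """IPs that answered for the C2 hostname. DNS names are case-insensitive
    and may carry a trailing dot, so normalise before comparing."""
    return {
        answer
        for _, _, query, answer in _records(dns_log)
        if query.lower().rstrip(".") == host.lower()
    }


def detect_exfil(dns_log: str, conn_log: str,
                 host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Flag DNS lookups of the C2 host, SMTP-submission connections to the IPs
    it resolved to, and (lower confidence) any other traffic to those IPs.
    Connections to other servers on 587 are NOT flagged: the port alone is
    ordinary mail-client behaviour."""
    alerts = []
    for ts, client, query, answer in _records(dns_log):
        if query.lower().rstrip(".") == host.lower():
            alerts.append(Alert(ts, client, answer, "dns_lookup_c2_host"))

    c2_ips = resolve_ioc_ips(dns_log, host)
    for ts, src, dst, dport, proto in _records(conn_log):
        if dst not in c2_ips:
            continue
        if proto == "tcp" and int(dport) == port:
            alerts.append(Alert(ts, src, dst, "smtp_submission_to_c2"))
        else:
            alerts.append(Alert(ts, src, dst, "other_traffic_to_c2_ip"))
    return alerts


def affected_hosts(alerts: list) -> list:
    """Sorted, de-duplicated internal hosts that appear in any alert."""
    return sorted({a.src for a in alerts})


if __name__ == "__main__":
    for alert in detect_exfil(DNS_LOG, CONN_LOG):
        print(alert)
    print("hosts to triage:", affected_hosts(detect_exfil(DNS_LOG, CONN_LOG)))
```

Submission on 587 normally upgrades to TLS with STARTTLS, so the AUTH exchange and the message body (the stolen data) are not visible on the wire; what remains for detection is the destination, which is why the example keys on the hostname and resolved IP rather than on the credentials. Correlating through DNS also catches the lookup before any data leaves, and the un-flagged 192.0.2.53 record shows why "any outbound 587" would be too noisy to alert on by itself.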
Targets

Target: obizx.doc
Size: 193KB
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access trojan and information stealer (its early versions were written in Visual Basic .NET). It commonly exfiltrates harvested data over SMTP, which is what the extracted configuration above points at.
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (the API used to point a suspended thread at injected code, as in process hollowing)