General
- Target: 0937db05f9825fd32a3418c2a2036896da92fff451d05cd0ec1f0e713c06dd2d
- Size: 189KB
- Sample: 231207-c5vwksaea6
- MD5: 3a1465089ba79f5463130adfcb9ef647
- SHA1: f7c8db38416277ad982b6aa7c134761abf2d3066
- SHA256: 0937db05f9825fd32a3418c2a2036896da92fff451d05cd0ec1f0e713c06dd2d
- SHA512: c4d90650fa09a8c290455b6c911b5455554e18b4185f8405c46a34a3475567992f1dd52f7b34d4dbf789381b87344a3a766e74c251c6bfe08ac2fd6ecb5a93c1
- SSDEEP: 768:3wAbZSibMX9gRWjtwAbZSibMX9gRWjuuvK9laxlywPKKckNZPsE8GYmAKp:3wAlRkwAlRoowLKKDZPZ8GYmTp
Static task: static1
Behavioral task: behavioral1
- Sample: 0937db05f9825fd32a3418c2a2036896da92fff451d05cd0ec1f0e713c06dd2d.rtf
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: 0937db05f9825fd32a3418c2a2036896da92fff451d05cd0ec1f0e713c06dd2d.rtf
- Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.turathmall-ksa.com
- Port: 587
- Username: [email protected]
- Password: Julliannah123
- Email To: [email protected]
Targets
- Target: 0937db05f9825fd32a3418c2a2036896da92fff451d05cd0ec1f0e713c06dd2d
- Size: 189KB
- MD5: 3a1465089ba79f5463130adfcb9ef647
- SHA1: f7c8db38416277ad982b6aa7c134761abf2d3066
- SHA256: 0937db05f9825fd32a3418c2a2036896da92fff451d05cd0ec1f0e713c06dd2d
- SHA512: c4d90650fa09a8c290455b6c911b5455554e18b4185f8405c46a34a3475567992f1dd52f7b34d4dbf789381b87344a3a766e74c251c6bfe08ac2fd6ecb5a93c1
- SSDEEP: 768:3wAbZSibMX9gRWjtwAbZSibMX9gRWjuuvK9laxlywPKKckNZPsE8GYmAKp:3wAlRkwAlRoowLKKDZPZ8GYmTp
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext