General
Target: e0f39aafb9e7336243e6e7474a8dae1eaef0d47f18cf248647447de68025419d
Size: 581KB
Sample: 231213-b7agzsfge2
MD5: 9a6023f380a3ca9497b58c03af489a46
SHA1: b0c3f4a422bdebb69ae2b23a02ede3d4963a2f1f
SHA256: e0f39aafb9e7336243e6e7474a8dae1eaef0d47f18cf248647447de68025419d
SHA512: 0713716a398dc5633bfcf4dd5b48db1ffb226efb7fad594fc74e31cc6e84ba4ebdb158763ba3d874c2d9e5654c640a5e75a158257e09af043dbcdba970a7da12
SSDEEP: 12288:OMe0yk97XV2bZ/HEIR01GF3CxBfL9DeHp/GilMD:OMeo9gdvR2GFupxCHv
Static task: static1
Behavioral task: behavioral1
Sample: e0f39aafb9e7336243e6e7474a8dae1eaef0d47f18cf248647447de68025419d.xls
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: e0f39aafb9e7336243e6e7474a8dae1eaef0d47f18cf248647447de68025419d.xls
Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.experthvac.ro
Port: 21
Username: [email protected]
Password: -8{jszMOY*Z8(~Za0#jyP%o7VoB.0)kk^)7_
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext