General
Target: f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.zip
Size: 687KB
Sample: 240327-bjlkcagf57
MD5: 84a794f945d50fe600f910d93b6597a7
SHA1: 8985ca07dd1bbbd970e834a80f066fc53eefe410
SHA256: f6a0c9c4c8afebbbb42f3e24874ed1c67f064464e9e636bfeffd02150f055642
SHA512: a3c2f114af9f7f3b52ed5b6bc63bbc3124d36a07edbead8ceaf0300660cebdd08e068698983f25d69cf8ade227974a02acf5f37d37dc70a3d656cfd68a24a9d6
SSDEEP: 12288:2JlASURYDS4JQfNnhlvZVQ9K8iMZH4A/URAODmyV+Hc5P5eE9RfZ2:Ol2G/JQfNnh1Dmx/xURAODj+HeP5e0K
Static task: static1
Behavioral task: behavioral1
  Sample: f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlam
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlam
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: rwe87$%21q
Email To: [email protected]
Targets
Target: f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1.xlsx
Size: 688KB
MD5: dd2f4303249786c6fa25e9b16664f1ec
SHA1: 9fd8215c6da713423874bf29cd66dc87429176a7
SHA256: f0a27618b5718409b3f2343a223f7d75ae36ab893f98315a13fe492b29bd81d1
SHA512: 462ab897b86af39973fdc8db736d4079032c1596538bc0000c69e4d869f896e2f54d7ecf308f5654da5791bccc6002184f38c32807a1605e1a60390c7ba026b1
SSDEEP: 12288:DdtGeA+wXto4IFqqAzAsOppH5RZ6DF83ND8hc/ejS7j44RhTBkP:DdtGewXto4IZAzKTjZ6DFkNgc/gS7j5c
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext