General
Target: 66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.zip
Size: 699KB
Sample: 240327-bnd13agg73
MD5: aef07c6d2c93f31f53371ad66994f925
SHA1: d69b62b08721290b070ee4eaa8fc1f50bc59ccc0
SHA256: 9b4e3fa257eda8be15a340b57b2d6577dcf71ffd42d8187a719cb68bddd25004
SHA512: ab2251e3592f67f2c057a9c8c96a7c4ec615ee99432d09c5cc259226a382da6feb5fa05fd82592056b85cfb292aa78231efd173ef5cc23f1a89b4bb06a8aca35
SSDEEP: 12288:QadCrQBS8UYaxvG7RqMoYUHZIEfpGw8vcTKEpJPXMtVUI5WiKzvDQpqmm6z3wi8x:Qa1SDpvwaT5IY8vcTNcVs7M+iwZhr
Static task: static1
Behavioral task: behavioral1
  Sample: 66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlam
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlam
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.worlorderbillions.top
  Port: 587
  Username: [email protected]
  Password: @qwerty90123
  Email To: [email protected]
Targets
Target: 66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b.xlsx
Size: 700KB
MD5: f8798b71a4fbd1465cdff6564bae7ee8
SHA1: fafb4ef1565a1b70c7b716924815ef4ca24c2892
SHA256: 66939cad8ad6ea772c4f93509fb43a63635024fcaf22605af3f6016a9bbc429b
SHA512: 3585de2a710028297c41cc0de204466bbed4434eecb2293247a0f5d3327ee0a87d3f38c54d6530a71a7a6dc6634f7153fd3a03584f6b54f68b4f8e7602e85c9d
SSDEEP: 12288:QjxdXgLho7M8ONl4/pUPhVa45JM3hdh4pxrlIrN4Y8guHHH8aVzVtuIHzdA0bH1:kxJgV8XRUZVxkdgBqrN854IHOA
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext