General
-
Target
8264a089a3600c557bbdc8e0a3e35dbb8b8fae37e4f430faf795bb3a4115ca02
-
Size
317KB
-
Sample
240426-bskpeagh95
-
MD5
d8e148605f430bdfc7a4ce2635a1b886
-
SHA1
f678da501df28713fbecc6c54be2681169acffbd
-
SHA256
8264a089a3600c557bbdc8e0a3e35dbb8b8fae37e4f430faf795bb3a4115ca02
-
SHA512
e42e343b9d4330b778e2615314cd6a752040dfab2f190b1cbd84f8881c9faebc756a5d66cd9bb98249130b5147f0b22e3e06e8a29b17f648fa76e21f8e0ef4fe
-
SSDEEP
6144:6WunJ/qQY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVwdMIG+e1Lj4c82rIGYW:6HJ/qN3bVwdMIG+e1Ac82W6+
Static task
static1
Behavioral task
behavioral1
Sample
8264a089a3600c557bbdc8e0a3e35dbb8b8fae37e4f430faf795bb3a4115ca02.xls
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8264a089a3600c557bbdc8e0a3e35dbb8b8fae37e4f430faf795bb3a4115ca02.xls
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.officeemailbackup.com - Port:
587 - Username:
[email protected] - Password:
)o!yHrsuTG#e - Email To:
[email protected]
Targets
-
-
Target
8264a089a3600c557bbdc8e0a3e35dbb8b8fae37e4f430faf795bb3a4115ca02
-
Size
317KB
-
MD5
d8e148605f430bdfc7a4ce2635a1b886
-
SHA1
f678da501df28713fbecc6c54be2681169acffbd
-
SHA256
8264a089a3600c557bbdc8e0a3e35dbb8b8fae37e4f430faf795bb3a4115ca02
-
SHA512
e42e343b9d4330b778e2615314cd6a752040dfab2f190b1cbd84f8881c9faebc756a5d66cd9bb98249130b5147f0b22e3e06e8a29b17f648fa76e21f8e0ef4fe
-
SSDEEP
6144:6WunJ/qQY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVwdMIG+e1Lj4c82rIGYW:6HJ/qN3bVwdMIG+e1Ac82W6+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Abuses OpenXML format to download file from external location
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-