General
-
Target
e1b3f274356e15e14aa24e3651b0097ba60c5f91a5a7c6a3884896e11224486f.xlsx
-
Size
664KB
-
Sample
240509-l72atafb65
-
MD5
e6e804e32c278493689f6b0b95d4f78b
-
SHA1
60ed9b94a5bd3f247b9e401196a9b1f9a41e6429
-
SHA256
e1b3f274356e15e14aa24e3651b0097ba60c5f91a5a7c6a3884896e11224486f
-
SHA512
4438cda3ba381f62fb7cc131e3e52049d06d3169b193b4996474c225697f22d2cebba5a97ee319def34b9fdc21ee507d09519698c13423b761feb9149fb4a659
-
SSDEEP
12288:ltnW2oFEWBZXOy4tr0WETIfR1RN0/CSuo9dBPdcAlppBVP208:zW2ielQWCIfr0JZpdjpBNv8
Static task
static1
Behavioral task
behavioral1
Sample
e1b3f274356e15e14aa24e3651b0097ba60c5f91a5a7c6a3884896e11224486f.xlam
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e1b3f274356e15e14aa24e3651b0097ba60c5f91a5a7c6a3884896e11224486f.xlam
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
e1b3f274356e15e14aa24e3651b0097ba60c5f91a5a7c6a3884896e11224486f.xlsx
-
Size
664KB
-
MD5
e6e804e32c278493689f6b0b95d4f78b
-
SHA1
60ed9b94a5bd3f247b9e401196a9b1f9a41e6429
-
SHA256
e1b3f274356e15e14aa24e3651b0097ba60c5f91a5a7c6a3884896e11224486f
-
SHA512
4438cda3ba381f62fb7cc131e3e52049d06d3169b193b4996474c225697f22d2cebba5a97ee319def34b9fdc21ee507d09519698c13423b761feb9149fb4a659
-
SSDEEP
12288:ltnW2oFEWBZXOy4tr0WETIfR1RN0/CSuo9dBPdcAlppBVP208:zW2ielQWCIfr0JZpdjpBNv8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-