General
-
Target
JS ONSAN-VESSEL_DETAILS(1)(1).xlsx.lzh
-
Size
672KB
-
Sample
240603-k62phshh2v
-
MD5
8067557ae9e080d582021a7ad426ca11
-
SHA1
d696f06285161f24cc2f56c4693fd0e72ef91327
-
SHA256
ab154953bf25d3b4bfa47032114aa3012a67d38d08c7fefe6916552120071d7f
-
SHA512
d88190f3667c398c5e6dc03078507b48ba7d03a23096b0cba4cd8db9cde707cd5793ef0d8949e5924d0bb565b6acf21a51dc54f01fcd1de1bbfa6d9c2b09c1e1
-
SSDEEP
12288:GQsNSbOlsxRazYdLUDHIg2t2gRg96t7FArDE61ie1QETNin0lVNgR:GQssfz7L4It2m8DE617FS0buR
Static task
static1
Behavioral task
behavioral1
Sample
JS ONSAN-VESSEL_DETAILS(1)(1).xlsx.scr
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
JS ONSAN-VESSEL_DETAILS(1)(1).xlsx.scr
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+
Extracted
Protocol: ftp- Host:
beirutrest.com - Port:
21 - Username:
[email protected] - Password:
9yXQ39wz(uL+
Targets
-
-
Target
JS ONSAN-VESSEL_DETAILS(1)(1).xlsx.scr
-
Size
844KB
-
MD5
d1473af035ad29a5106b6e0c86136c62
-
SHA1
d8aa3f840097d53cb03d35020e1ec904aa779b6c
-
SHA256
09e3dca360715fc66070377bbf9ac07c8af08b6f5bc11a8e9de381368b21a32d
-
SHA512
ab1c50459147d77ab5359d1899d7107c698e712cc6e6cd6371236a4a59ad04d755c563e8d58e9ef3e92ebbb7b575da798af1c2e16becb6040e141d7503820ed9
-
SSDEEP
24576:JMYeNVDN5i/7oYEADXg/7w6y5frNhSXiRIVqf:JMYePN5i/7vEWwjwNfrrSXwIVq
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-