General
- Target: 19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984.xlsx
- Size: 653KB
- Sample: 240609-lcczqsgf3y
- MD5: ddfba93d516fe962fc785056189afea7
- SHA1: 65197b03ded95c0664179c1f28637d5799ece267
- SHA256: 19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984
- SHA512: 4954799467218948b955697827b98d7b9681b1608bc2472c57fa4c218a6d9f38491b7df10f60e66a69c699c8352d6a0392d059114c0c2be59e6fc254fa1e8b62
- SSDEEP: 12288:NLnWI4DNnXcSKJ/icWmLyzuCuMeOFC0180gzLuh1Y+5NIj6nSuP3T1sHOGJ65e:F0DNXcX0cWm+zLFWdLcK+TDx3pZs
Static task: static1
Behavioral task: behavioral1
- Sample: 19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984.xlam
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984.xlam
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984.xlsx
- Size: 653KB
- MD5: ddfba93d516fe962fc785056189afea7
- SHA1: 65197b03ded95c0664179c1f28637d5799ece267
- SHA256: 19215023198d9ebe4a626113cc6c001bd4d250ebea69aa25afd483aefd4c0984
- SHA512: 4954799467218948b955697827b98d7b9681b1608bc2472c57fa4c218a6d9f38491b7df10f60e66a69c699c8352d6a0392d059114c0c2be59e6fc254fa1e8b62
- SSDEEP: 12288:NLnWI4DNnXcSKJ/icWmLyzuCuMeOFC0180gzLuh1Y+5NIj6nSuP3T1sHOGJ65e:F0DNXcX0cWm+zLFWdLcK+TDx3pZs
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext