General
-
Target
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef.xlsx
-
Size
652KB
-
Sample
240609-lrlkeshf46
-
MD5
d32ebf59d912022ad03be9f1a79d1622
-
SHA1
70e185fcd828497aea47489ebd84feb70ed21983
-
SHA256
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef
-
SHA512
f463d70e2773a9b27c43ff24a2fdfc242e55050ba81ea5af34b9984b8aae7697ce0d38135dfefb507efc89c7ca0aba1b6be7040092dd98ce8811b9ab5bb474a5
-
SSDEEP
12288:eOnWEibaQbA8GS3zY4uKhbO6ZvRM98HaN6N2hN1JAQYVu5RGE41Gw57bhRw:5vQlcfKhrZvRZa42hNKuHGES/O
Static task
static1
Behavioral task
behavioral1
Sample
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef.xlam
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef.xlam
Resource
win10v2004-20240508-en
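The report hashes the submission four ways and runs it as an .xlam even though the filename ends in .xlsx, so the first thing a responder wants is an offline check of both facts: do the bytes in hand match the listed digests, and what kind of workbook does the OOXML container actually declare. The following is an added example (not the sandbox's code); the sample it builds is a constructed add-in-shaped zip, not the real submission, and the content-type strings are the standard OOXML/Excel ones.

```python
"""Static first look at an Office Open XML (.xlsx/.xlam) sample.

Added example, not part of the sandbox report. Computes the digests the report
lists (MD5/SHA1/SHA256/SHA512), confirms the file is the ZIP container OOXML
requires, reads [Content_Types].xml to learn the workbook's real kind regardless
of extension, and flags the part that carries VBA.
"""
import hashlib
import io
import zipfile

# [Content_Types].xml declares the workbook's real kind, whatever the extension says.
WORKBOOK_KINDS = {
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml": "xlsx (no macros)",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml": "xlsm (macro-enabled workbook)",
    "application/vnd.ms-excel.addin.macroEnabled.main+xml": "xlam (macro-enabled add-in)",
    "application/vnd.ms-excel.template.macroEnabled.main+xml": "xltm (macro-enabled template)",
}
# Parts that carry VBA code.
MACRO_PARTS = {"xl/vbaProject.bin"}


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the sample, the same set the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def mismatches(data: bytes, reported: dict) -> list:
    """Names of reported digests that do not match the bytes in hand."""
    actual = digests(data)
    return sorted(n for n, v in reported.items() if actual.get(n) != v.lower())


def ooxml_triage(data: bytes) -> dict:
    """Container check: ZIP magic, declared workbook kind, and any VBA parts."""
    out = {"is_zip": data[:4] == b"PK\x03\x04", "kind": None, "macro_parts": [], "parts": []}
    if not out["is_zip"]:
        return out
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        out["parts"] = zf.namelist()
        out["macro_parts"] = sorted(p for p in out["parts"] if p in MACRO_PARTS)
        if "[Content_Types].xml" in out["parts"]:
            ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            for mime, kind in WORKBOOK_KINDS.items():
                if mime in ct:
                    out["kind"] = kind
                    break
    return out


def build_fake_xlam() -> bytes:
    """Constructed stand-in: a minimal add-in-shaped zip with a VBA part (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/xl/workbook.xml" '
            'ContentType="application/vnd.ms-excel.addin.macroEnabled.main+xml"/></Types>',
        )
        zf.writestr("xl/workbook.xml", "<workbook/>")
        # OLE compound-file magic followed by a dummy body, enough to be recognised as a part.
        zf.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_fake_xlam()
    print(digests(sample)["sha256"])
    print(ooxml_triage(sample))
```

Run `mismatches(open(path, "rb").read(), {"sha256": "c0baec4e..."})` against a real sample and the report's values before trusting any conclusion drawn from the report; an empty list means the bytes are the ones that were analysed. A declared kind of "xlam (macro-enabled add-in)" behind an .xlsx name is itself a triage signal, since Excel decides how to treat the file from the content types, not the extension.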
Malware Config
Targets
-
Target
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef.xlsx
-
Size
652KB
-
MD5
d32ebf59d912022ad03be9f1a79d1622
-
SHA1
70e185fcd828497aea47489ebd84feb70ed21983
-
SHA256
c0baec4eb2deb38c2f86c250a7aae50a417652429439bb5ecce82e8bac6892ef
-
SHA512
f463d70e2773a9b27c43ff24a2fdfc242e55050ba81ea5af34b9984b8aae7697ce0d38135dfefb507efc89c7ca0aba1b6be7040092dd98ce8811b9ab5bb474a5
-
SSDEEP
12288:eOnWEibaQbA8GS3zY4uKhbO6ZvRM98HaN6N2hN1JAQYVu5RGE41Gw57bhRw:5vQlcfKhrZvRZa42hNKuHGES/O
Score
10/10
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic (.NET).
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
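The signature names above are the sandbox's summary of what it saw; the added example below (not the sandbox's own detection logic) re-derives each of them from a small API/network trace so the underlying evidence is concrete: an Office process opening a connection, a received buffer that starts with MZ, a dropped file carrying the compiled-AutoIt marker, a dropped EXE run and a dropped DLL loaded, a child created suspended and then rewritten with WriteProcessMemory/SetThreadContext/ResumeThread, and a connection to a public IP-lookup host. The events, process names, paths and the 203.0.113.10 address are constructed for illustration; the IP-lookup host list is an illustrative subset.

```python
"""Behavioural triage over a constructed sandbox trace.

Added example, not the sandbox report's own logic. Each rule corresponds to one
signature name in the report and is written to show the evidence behind it.
"""
OFFICE_PROCS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
CREATE_SUSPENDED = 0x00000004        # dwCreationFlags bit for CreateProcess
AU3_MARKER = b"AU3!EA06"            # marker preceding the embedded script in compiled AutoIt v3 binaries
HOLLOW_STEPS = {"CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}


def detect(events):
    """Return (signature, detail) pairs in the order the evidence appears."""
    findings = []
    dropped = set()      # paths written by any monitored process
    suspended = {}       # child pid created suspended -> APIs seen against it so far
    for e in events:
        api, proc, a = e["api"], e["proc"].lower(), e.get("args", {})
        host, data, path = a.get("host"), a.get("data", b""), a.get("path", "").lower()

        if api == "connect" and proc in OFFICE_PROCS:
            findings.append(("Blocklisted process makes network request", f"{proc} -> {host}"))
        if api == "connect" and host in IP_LOOKUP_HOSTS:
            findings.append(("Looks up external IP address via web service", f"{proc} -> {host}"))
        if api == "recv" and data[:2] == b"MZ":
            findings.append(("Downloads MZ/PE file", f"{proc} <- {host}"))

        if api == "WriteFile":
            dropped.add(path)
            if AU3_MARKER in data:
                findings.append(("AutoIT Executable", path))
        if api == "CreateProcess":
            image = a.get("image", "").lower()
            if image in dropped:
                findings.append(("Executes dropped EXE", image))
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended[a["child_pid"]] = {"CreateProcess"}
        if api == "LoadLibrary" and path in dropped:
            findings.append(("Loads dropped DLL", path))

        # Process hollowing: suspended child, memory rewritten, entry point redirected, resumed.
        target = a.get("target_pid")
        if api in HOLLOW_STEPS and target in suspended:
            suspended[target].add(api)
            if suspended[target] == HOLLOW_STEPS:
                findings.append(("Suspicious use of SetThreadContext", f"{proc} hollowed pid {target}"))
                del suspended[target]
    return findings


# Constructed trace for illustration; not events from the report.
PE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_EVENTS = [
    {"pid": 100, "proc": "EXCEL.EXE", "api": "connect", "args": {"host": "203.0.113.10"}},
    {"pid": 100, "proc": "EXCEL.EXE", "api": "recv", "args": {"host": "203.0.113.10", "data": PE}},
    {"pid": 100, "proc": "EXCEL.EXE", "api": "WriteFile",
     "args": {"path": r"C:\Users\Public\stage.exe", "data": b"MZ\x90\x00" + AU3_MARKER + b"\x00" * 8}},
    {"pid": 100, "proc": "EXCEL.EXE", "api": "WriteFile",
     "args": {"path": r"C:\Users\Public\helper.dll", "data": PE}},
    {"pid": 100, "proc": "EXCEL.EXE", "api": "CreateProcess",
     "args": {"image": r"C:\Users\Public\stage.exe", "flags": 0, "child_pid": 200}},
    {"pid": 200, "proc": "stage.exe", "api": "LoadLibrary", "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"pid": 200, "proc": "stage.exe", "api": "CreateProcess",
     "args": {"image": r"C:\Windows\target.exe", "flags": CREATE_SUSPENDED, "child_pid": 300}},
    {"pid": 200, "proc": "stage.exe", "api": "WriteProcessMemory", "args": {"target_pid": 300}},
    {"pid": 200, "proc": "stage.exe", "api": "SetThreadContext", "args": {"target_pid": 300}},
    {"pid": 200, "proc": "stage.exe", "api": "ResumeThread", "args": {"target_pid": 300}},
    {"pid": 300, "proc": "target.exe", "api": "connect", "args": {"host": "api.ipify.org"}},
]

if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

The hollowing rule deliberately requires the whole sequence against the same child pid rather than firing on SetThreadContext alone, since debuggers and some installers also create suspended processes; a suspended create followed only by ResumeThread produces no finding. The AutoIt check keys on the compiled-script marker in the dropped bytes, not on the file name, so a renamed stub is still caught.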