General
- Target: ebe0db47f3d58129ded5690057c586c10adba99f5efea70eb2defd4be879d204.xlsx
- Size: 743KB
- Sample: 240609-nk2n6shh71
- MD5: 0bae405b6cbbd6f2a51b6c8f3d3229d4
- SHA1: c883182707d44204007d65a270f4f5794dd9328b
- SHA256: ebe0db47f3d58129ded5690057c586c10adba99f5efea70eb2defd4be879d204
- SHA512: 98b5371a3e3dfd61e190db23a0fe246b2b2073eaa3f13424f6690cdeed48bc04e661bf361144968b028b72bdd47f68cdab4d56a0816128aa0f27db06c24d8c0f
- SSDEEP: 12288:k2nWqZIWl17AxZ1AibfuOXwLeLCmBeJmxZIjza2rVHIaKLdGfT3wxWv0gONA+/:R3BAxFrvIQLesDIjzEaKhiUhNL
Static task
- static1

Behavioral task
- behavioral1
- Sample: ebe0db47f3d58129ded5690057c586c10adba99f5efea70eb2defd4be879d204.xlam
- Resource: win7-20240215-en

Behavioral task
- behavioral2
- Sample: ebe0db47f3d58129ded5690057c586c10adba99f5efea70eb2defd4be879d204.xlam
- Resource: win10v2004-20240426-en
Malware Config

Targets
- Target: ebe0db47f3d58129ded5690057c586c10adba99f5efea70eb2defd4be879d204.xlsx
- Size: 743KB
- MD5: 0bae405b6cbbd6f2a51b6c8f3d3229d4
- SHA1: c883182707d44204007d65a270f4f5794dd9328b
- SHA256: ebe0db47f3d58129ded5690057c586c10adba99f5efea70eb2defd4be879d204
- SHA512: 98b5371a3e3dfd61e190db23a0fe246b2b2073eaa3f13424f6690cdeed48bc04e661bf361144968b028b72bdd47f68cdab4d56a0816128aa0f27db06c24d8c0f
- SSDEEP: 12288:k2nWqZIWl17AxZ1AibfuOXwLeLCmBeJmxZIjza2rVHIaKLdGfT3wxWv0gONA+/:R3BAxFrvIQLesDIjzEaKhiUhNL
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext