General
-
Target
65e8917946a978a0b09b14d4177fa4e6e71ded6bd48ab91414fa81a1e2a519b7.xlsx
-
Size
725KB
-
Sample
240618-vp8rlswhkr
-
MD5
16e546a8202702091739c35484ba1cd3
-
SHA1
8220a7fc4abe77109b3eb80ae7211997603287d3
-
SHA256
65e8917946a978a0b09b14d4177fa4e6e71ded6bd48ab91414fa81a1e2a519b7
-
SHA512
4711f24a6857f59a6f5643ce3043d85377a8c4645503751f7ebd3e5b690d0528a502e39bcfdc28cfa6214ea8eb09fd12b7ee6bad14d74343cf263ad22f92685d
-
SSDEEP
12288:QhrnWHeTDAsDm6Kglg8MBJfjrQP9HYh5o2CtpB/vr+fRsNEYKDof6T5dORZDxTn/:srxCDwRMBljcP94h5o247vr+JsNEYYTU
Static task
static1
Behavioral task
behavioral1
Sample
65e8917946a978a0b09b14d4177fa4e6e71ded6bd48ab91414fa81a1e2a519b7.xlam
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
65e8917946a978a0b09b14d4177fa4e6e71ded6bd48ab91414fa81a1e2a519b7.xlam
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
65e8917946a978a0b09b14d4177fa4e6e71ded6bd48ab91414fa81a1e2a519b7.xlsx
-
Size
725KB
-
MD5
16e546a8202702091739c35484ba1cd3
-
SHA1
8220a7fc4abe77109b3eb80ae7211997603287d3
-
SHA256
65e8917946a978a0b09b14d4177fa4e6e71ded6bd48ab91414fa81a1e2a519b7
-
SHA512
4711f24a6857f59a6f5643ce3043d85377a8c4645503751f7ebd3e5b690d0528a502e39bcfdc28cfa6214ea8eb09fd12b7ee6bad14d74343cf263ad22f92685d
-
SSDEEP
12288:QhrnWHeTDAsDm6Kglg8MBJfjrQP9HYh5o2CtpB/vr+fRsNEYKDof6T5dORZDxTn/:srxCDwRMBljcP94h5o247vr+JsNEYYTU
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-