General
-
Target
Официално писмо № 0280_08_09-10-2024г docx.z
-
Size
944KB
-
Sample
240916-wafmys1djl
-
MD5
a669105ab713b5a14a30857a469539ae
-
SHA1
bcbe6be9d99761a3f8fce73df4dafde85cc6c711
-
SHA256
632d21f1992f8a51989c1127f0aec2cfab45dc4c8576155a2fce35ce554e6667
-
SHA512
66125a6af1432646193be3e1cc011bf76c5dc3ecfd6aba9f45de8b6aaa577e1095353997164b9c0283e4bb8014418f7043544ea155e8e39697da851eed621002
-
SSDEEP
24576:DWP703QkJD5BqcrA2VEdWikOAYj+Te9y2:z3QkEcrADWjOAPe9r
Static task
static1
Behavioral task
behavioral1
Sample
Официално писмо № 0280_08_09-10-2024г.docx.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Официално писмо № 0280_08_09-10-2024г.docx.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
webmail.anagennisi-sa.gr - Port:
587 - Username:
[email protected] - Password:
Smiliotopoulou - Email To:
[email protected]
Targets
-
-
Target
Официално писмо № 0280_08_09-10-2024г.docx.exe
-
Size
1.2MB
-
MD5
e0d57a92476711a3438a44fa205e1720
-
SHA1
a1669d33a5b53f9c501c01ec2bc7e155a6964a38
-
SHA256
696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360
-
SHA512
7f6173a7d61dc797fc63456240b26daca47580ca901e3af901926fe293ab703c83b1c1f7fb5e47378d42d3443524db13707283018699e76e1dd5de2aae1a80e9
-
SSDEEP
24576:I3c92psKAq6ITV5vGbao8LSEI28uUESJVufn/VtvVE:I3cYaKd6EGbrs4ySQ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-