General
-
Target
17092024_0554_17092024_oc_202486545346576879879856879876756875246.XLS.uue
-
Size
799KB
-
Sample
240917-glz4eaxele
-
MD5
74a265ddd2ac5a2ca37b780e9fd5ec94
-
SHA1
ec5804cfebaeffe6416d7ee247fdf06900996c2a
-
SHA256
941402f57a96debb7dd383b23396f2af8294bc070ef10250bdccbd2b148e0813
-
SHA512
a4fed7cdbedffec0ba1c2f1550f0e5cfc05051afe4183ae88f54cc93071068028c65d47da2b45ce8ae2ca5073794da96e7e81d083cf8f2e0152b90015245eb47
-
SSDEEP
24576:Bp5DeSAyNwpPrwiuxL65GXvAp13q+faC97NqGtVz09:B9NMuTXob39i67N7e
Static task
static1
Behavioral task
behavioral1
Sample
oc_202486545346576879879856879876756875246.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
oc_202486545346576879879856879876756875246.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1749457201:AAGWIY2QPzrHZIumAIUsWjyRAEWcJrauccY/sendDocument
Targets
-
-
Target
oc_202486545346576879879856879876756875246.exe
-
Size
1.1MB
-
MD5
ef3b33eda19bdf6cc936b97f7e582f1d
-
SHA1
2f67db5fb6220c97ade8c9a016e0553af766efe3
-
SHA256
6d7383506176b2d66904efea5dfee58a70ad683ee01d9bf6a49066a92ab81cf6
-
SHA512
975c729679891c2552d9f444a6f68f80ca122c6476599efe1b257791695647577c7b003146ef5dd457ead393d5da42b74949a6aadb514d24847d5e4bce1924e3
-
SSDEEP
24576:0RmJkcoQricOIQxiZY1iaae3Ut4xK9+UfLWYG6uwiQizOVEC0ZL:RJZoQrbTFZY1iaaYQ409XmZwnizOVa
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops file in Drivers directory
-
Drops startup file
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-