General
- Target: shd.xls
- Size: 380KB
- Sample: 200731-hfmwynrf2n
- MD5: 7c68cfe3c735782098888ffabc8d6e13
- SHA1: 8da67457bd235de94c4b1340bafcf8fecca9a532
- SHA256: 1eb7ae49135e0c3fd1e802740e5658e52eef3a38bdacbf756a33100ff6bbaad5
- SHA512: ed0b41f741e946045fcf4b672dc71639933453f8146fd4e12d248373d8675552cf4ad643c951495267af3d0e8331f74f9d9045e8d398f7b62fa75c2a8dee5bac
Behavioral task: behavioral1
- Sample: shd.xls
- Resource: win7

Behavioral task: behavioral2
- Sample: shd.xls
- Resource: win10
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: microsotft-office365-rules-co@yandex.ru
- Password: moneymoney77
Targets
- Target: shd.xls
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext