General
Target: DHL_AWB.docx
Size: 72KB
Sample: 220805-rxjkxabdhq
MD5: aaea73067b34013e5c1c9715dcf715a4
SHA1: a1cf21c352a13b91a2b0ab22c4367e07151c4292
SHA256: c7351eddf1e255e0b5d5d6c7dbd054427f5fef62b7cd9d25b67166e57df21d9b
SHA512: b516045d2be903dbb92b166e057fb2d48aebff68c6cec1cbf035c9197e70324cacbbab36307b2bf644525186bf4e6d8e918be89f090694560a75b69cab66b3f3
Static task: static1
Behavioral task: behavioral1
Sample: DHL_AWB.docx
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: DHL_AWB.docx
Resource: win10v2004-20220721-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext