General
-
Target
RFQ SC0054852_PDF.exe
-
Size
403KB
-
Sample
200713-4mm1st5ste
-
MD5
41b5f25fa55f9dc4d320a3c66754ec05
-
SHA1
cdcde4167731c38a8bee5aa752e9c03705c69421
-
SHA256
6e9ef93b4bb2c7ea78dbba96cb34e747294454c2d142276329951e580044ddd3
-
SHA512
95dcf28bd6621d8d2e098df713d8e99c58e297a5797a94975a7ac61c780f0212092105fac5d0fddcb389e66b3a80d447f66cc58d5a7a6d3d4adef96a3b761a2f
Static task
static1
Behavioral task
behavioral1
Sample
RFQ SC0054852_PDF.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
RFQ SC0054852_PDF.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.urban.co.th - Port:
587 - Username:
[email protected] - Password:
Urban@1143
Targets
-
-
Target
RFQ SC0054852_PDF.exe
-
Size
403KB
-
MD5
41b5f25fa55f9dc4d320a3c66754ec05
-
SHA1
cdcde4167731c38a8bee5aa752e9c03705c69421
-
SHA256
6e9ef93b4bb2c7ea78dbba96cb34e747294454c2d142276329951e580044ddd3
-
SHA512
95dcf28bd6621d8d2e098df713d8e99c58e297a5797a94975a7ac61c780f0212092105fac5d0fddcb389e66b3a80d447f66cc58d5a7a6d3d4adef96a3b761a2f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-