General
Target: RFQ_ITT 05-05-2020.pdf.exe (a double-extension lure: a PE executable named to pass as a PDF request-for-quotation)
Size: 454KB
Sample: 201109-2a4xxlpw92
MD5: 8743e93a1e028dbcc56c94b6e79fc8d0
SHA1: eeafd63dfbc6bf1382c91776339bb7961650836e
SHA256: 2b1e4f6443927562d460588af4264fa5c5bdde4b29779588d5c0998269958f56
SHA512: c77c892300912ef20e9cc6f0b1f949956c12f5becfae061a34c11a1ce15428f1d20ee465a82c204dce23d698d12e8f9f3a15d76b738501833365c5af962d63b5
Static task: static1
Behavioral task: behavioral1
Sample: RFQ_ITT 05-05-2020.pdf.exe
Resource: win7v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.apipharrnatech.com
Port: 587
Username: ard@apipharrnatech.com
Password: BlFM)d_p2D{K
These are the stealer's exfiltration credentials: the sample authenticates to this mailbox over SMTP submission (port 587) and mails the harvested data to it. The defensive use is blocking outbound SMTP to the host and hunting mail and proxy logs for the username; do not authenticate to the mailbox yourself. Note that the host name contains "rn" where a reader would see "m" (apipharrnatech vs. apipharmatech), a lookalike pattern worth verifying before treating the domain as attacker-registered rather than compromised.
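Added example, not part of the report and not AgentTesla or sandbox code: a Python helper that parses the extracted config in the flattened "Key: value - Key: value" form the page renders it in, derives the indicators a defender would act on, lists the readings a viewer might mistake the host name for by collapsing confusable letter pairs (so the "rn"/"m" case can be checked by hand), and tests the target file name for the document-extension-over-executable pattern. DOC_EXTS, EXEC_EXTS and CONFUSABLES are the example's own lists, not from the report; RAW_CONFIG is the page's data verbatim.

```python
import re

# The extracted AgentTesla config block exactly as the report page renders it
# (page data, not constructed): the field separators were flattened into " - ".
RAW_CONFIG = """\
Protocol: smtp- Host:
mail.apipharrnatech.com - Port:
587 - Username:
ard@apipharrnatech.com - Password:
BlFM)d_p2D{K
"""

# Example's own lists (assumptions, not from the report): "document" extensions that
# make a lure look harmless, and extensions Windows will execute.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi"}

# Letter sequences that render like a single other letter in common fonts.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}


def parse_extracted_config(raw):
    """Turn the flattened 'Key: value - Key: value' block into a dict with lower-case keys."""
    flat = " ".join(line.strip() for line in raw.splitlines() if line.strip())
    fields = {}
    # Split only on a dash that is followed by a capitalised 'Key:' so a dash inside a
    # value (passwords often contain one) does not break the parse.
    for chunk in re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    return fields


def exfil_indicators(cfg):
    """Derive blockable / huntable indicators from the parsed config."""
    port = int(cfg["port"])
    user = cfg["username"]
    return {
        "protocol": cfg["protocol"],
        "network": f"outbound TCP to {cfg['host']}:{port}",
        "smtp_auth_user": user,
        "mailbox_domain": user.split("@", 1)[1],
        "submission_port": port == 587,  # 587 = mail submission, normally STARTTLS
    }


def lookalike_readings(domain):
    """Return the domains a reader might *see* when this one is displayed, by collapsing
    confusable sequences (e.g. 'rn' -> 'm'). This flags a candidate typosquat for manual
    verification; it does not prove one."""
    out = set()
    for seq, single in CONFUSABLES.items():
        if seq in domain:
            out.add(domain.replace(seq, single))
    return sorted(out)


def is_double_extension_lure(filename):
    """True for names like 'invoice.pdf.exe': a document extension masking an executable."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOC_EXTS and parts[2] in EXEC_EXTS


if __name__ == "__main__":
    cfg = parse_extracted_config(RAW_CONFIG)
    for k, v in exfil_indicators(cfg).items():
        print(f"{k}: {v}")
    print("lookalike readings:", lookalike_readings(cfg["host"]))
    print("double-extension lure:", is_double_extension_lure("RFQ_ITT 05-05-2020.pdf.exe"))
```

The split regex keys on the " - Key:" boundary rather than on every dash, which is what keeps a dash inside the password from being mistaken for a field separator; a password that itself contained " - Word:" would still confuse it, so check the parsed password against the report when in doubt.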
Targets
Target: RFQ_ITT 05-05-2020.pdf.exe
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved browser, mail and FTP credentials, keystrokes and clipboard contents and sends them to an operator-controlled endpoint over SMTP, FTP or HTTP; the SMTP mailbox in the extracted config above is this sample's exfiltration channel.
AgentTesla Payload
Suspicious use of SetThreadContext: the sample sets the thread context of a thread belonging to another process. Outside debuggers that is the characteristic step of process hollowing: a host process is started suspended, its image is overwritten with the payload, the main thread's context is pointed at the new entry point, and ResumeThread runs it. When dumping the unpacked payload, look in the process that received the context change as well as in the dropped .exe itself.
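Added example, not part of the report and not the sandbox's own signature logic: detection of the hollowing sequence described above over an API-call trace. The trace format ("<caller pid> <api>(<args>) -> <ret>") and every PID, path and size in SAMPLE_TRACE are constructed for the example; the detector keys only on the order of CreateProcess with CREATE_SUSPENDED, a cross-process memory write, SetThreadContext and ResumeThread against the same child, and ignores SetThreadContext on the caller's own threads, which runtimes and debuggers do legitimately.

```python
import re

# Constructed API-call trace in a generic "<caller pid> <api>(<args>) -> <ret>" form,
# modelled on what a sandbox API monitor emits. PIDs, paths and sizes are made up for
# the example and are not taken from the report above.
SAMPLE_TRACE = r"""
1040 CreateProcessW(lpApplicationName="C:\Example\host.exe", dwCreationFlags=0x4) -> pid=2256
1040 NtUnmapViewOfSection(ProcessHandle=pid:2256, BaseAddress=0x400000) -> 0
1040 VirtualAllocEx(hProcess=pid:2256, lpAddress=0x400000, dwSize=0x6e000, flProtect=0x40) -> 0x400000
1040 WriteProcessMemory(hProcess=pid:2256, lpBaseAddress=0x400000, nSize=0x200) -> 1
1040 WriteProcessMemory(hProcess=pid:2256, lpBaseAddress=0x401000, nSize=0x5c000) -> 1
1040 SetThreadContext(hThread=tid:2260, pid:2256) -> 1
1040 ResumeThread(hThread=tid:2260, pid:2256) -> 1
3100 CreateProcessW(lpApplicationName="C:\Example\child.exe", dwCreationFlags=0x0) -> pid=3200
3100 SetThreadContext(hThread=tid:3104, pid:3100) -> 1
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit documented by Win32 CreateProcess
LINE_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\) -> (?P<ret>.*)$")

# Win32 and native spellings of each step; the detection keys on the sequence, not names.
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def parse_trace(text):
    """Parse trace lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def _creation_flags(args):
    m = re.search(r"dwCreationFlags=(0x[0-9a-fA-F]+)", args)
    return int(m.group(1), 16) if m else 0


def _target_pid(ev):
    """The process an event acts on: the child for CreateProcess*, else the pid:N in args."""
    if ev["api"].startswith("CreateProcess"):
        m = re.search(r"pid=(\d+)", ev["ret"])
    else:
        m = re.search(r"pid:(\d+)", ev["args"])
    return int(m.group(1)) if m else None


def find_process_hollowing(events):
    """Return (caller_pid, target_pid) pairs that complete the hollowing sequence
    create-suspended -> write memory -> set thread context -> resume, in that order.
    SetThreadContext on the caller's own threads is ignored (debuggers and runtimes do it)."""
    stage = {}
    hits = []
    for ev in events:
        caller, target = int(ev["pid"]), _target_pid(ev)
        if target is None or target == caller:
            continue
        key, api = (caller, target), ev["api"]
        if api.startswith("CreateProcess") and _creation_flags(ev["args"]) & CREATE_SUSPENDED:
            stage[key] = "suspended"
        elif api in WRITE_APIS and stage.get(key) == "suspended":
            stage[key] = "written"
        elif api in CONTEXT_APIS and stage.get(key) == "written":
            stage[key] = "context_set"
        elif api in RESUME_APIS and stage.get(key) == "context_set":
            stage[key] = "resumed"
            hits.append(key)
    return hits


if __name__ == "__main__":
    for caller, target in find_process_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"process hollowing: pid {caller} injected into suspended child pid {target}")
```

Requiring the full ordered chain per (caller, child) pair is what keeps the rule quiet on the second process in the trace, which creates a child normally and only touches its own thread; a looser rule that alerts on any cross-process SetThreadContext will also fire on legitimate debuggers and some installers.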