General
Target: RFQ_ITT 04-05-2020.pdf.exe
Size: 371KB
Sample: 201109-htnpbtexkj
MD5: 4138aed97250648065f7f78aafdcb962
SHA1: 5d31618b65831a0e696e69184f3a71e8f23db7a8
SHA256: facf028923bb080f70fa54f8c547679651df7d1dbb618cdeda7b16f8fb0f4005
SHA512: e4f961d9810f3312d9501ba566552dede980330f153f9c3be905b7899474b13e7eb2df00cb73e1f3451c276107afd58ebb4facf983018e3a2d9d524e071e8d58
Static task: static1
Behavioral task: behavioral1
Sample: RFQ_ITT 04-05-2020.pdf.exe
Resource: win7v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.apipharrnatech.com
Port: 587
Username: ard@apipharrnatech.com
Password: BlFM)d_p2D{K
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext