General
- Target: RFQ-000083832.exe
- Size: 603KB
- Sample: 201109-ks6q4r6npe
- MD5: 3c29cde1d757b9a8d0cbed03feb6163c
- SHA1: 60ca0da86ec5b2fb3236f1906a8d5a0513fbfb59
- SHA256: 42af6a36e4b258c564fe1b8a495dda8e269e2c3ad4a4850bf30ec3b22a095c5f
- SHA512: b1529e0d494d7d82e5d99900e287db7183fee0a9c4271f537e6bc8313f4b63ab8ed533bb829df482f8bb616a1c31ab38198488c801cbc45085349fe7bd5d782f
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ-000083832.exe
- Resource: win7v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.pptoursperu.com
- Port: 587
- Username: info@pptoursperu.com
- Password: mailppt2019
Targets
- Target: RFQ-000083832.exe (603KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext