General
-
Target
RFQ #6553928_PDF.exe
-
Size
1003KB
-
Sample
210122-7wqdeedah6
-
MD5
126a06711f90b3bb00d5cdf657bbd381
-
SHA1
50c06ee54498c3a960baf9aca1f62909edf1981c
-
SHA256
20795651735a3b9de9a7cd1ec01ea78c8acd43c9cb67dda8628cf1559bdcba1c
-
SHA512
ccf017de3b41b4b7372651aeaf73f0ca25fdf7ab6075634d5cd1600801a3fe438ce3c86ceccb5de7a31f626286dd75ef02dbc9ec3f0019541eb980a76d8191fc
Static task
static1
Behavioral task
behavioral1
Sample
RFQ #6553928_PDF.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
RFQ #6553928_PDF.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1513271204:AAFn4hPg2fp2zgo9ieA28FrdaCkpwxApdbA/sendDocument
Targets
-
Target
RFQ #6553928_PDF.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-