RFQ #6553928_PDF.exe

General

Target: RFQ #6553928_PDF.exe
Size: 1003KB
Sample: 210122-7wqdeedah6
Score: 10/10
MD5: 126a06711f90b3bb00d5cdf657bbd381
SHA1: 50c06ee54498c3a960baf9aca1f62909edf1981c
SHA256: 20795651735a3b9de9a7cd1ec01ea78c8acd43c9cb67dda8628cf1559bdcba1c
SHA512: ccf017de3b41b4b7372651aeaf73f0ca25fdf7ab6075634d5cd1600801a3fe438ce3c86ceccb5de7a31f626286dd75ef02dbc9ec3f0019541eb980a76d8191fc

Malware Config
Targets
Tags

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  • Enumerates physical storage devices
    Description: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    TTPs: System Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation