General
- Target: QUOTE2021.PDF.exe
- Size: 615KB
- Sample: 210408-gyrghqsx2x
- MD5: 424233f0bd0abbf6d559c800a47b5374
- SHA1: d253a17418d0a9c26fa0275378d80b0627a28888
- SHA256: 023d25a8bafeb122725046d0d8f0bae8d443e2da9452b217965ab9c432be6d52
- SHA512: ee703ef5c2122dca7a6f390043fe18707a3def7ecb9acb10ba21e53f7cd3bc4915492384f853428c942adc992c86459069d6fb278c7423c745f4ad3c7b3cb3b2
Static task: static1
Behavioral task: behavioral1
- Sample: QUOTE2021.PDF.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: QUOTE2021.PDF.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.vivaldi.net
- Port: 587
- Username: Graceboy123@vivaldi.net
- Password: 4Lmm4pew4Z3EVCn
Targets
- Target: QUOTE2021.PDF.exe
- Size: 615KB
- MD5: 424233f0bd0abbf6d559c800a47b5374
- SHA1: d253a17418d0a9c26fa0275378d80b0627a28888
- SHA256: 023d25a8bafeb122725046d0d8f0bae8d443e2da9452b217965ab9c432be6d52
- SHA512: ee703ef5c2122dca7a6f390043fe18707a3def7ecb9acb10ba21e53f7cd3bc4915492384f853428c942adc992c86459069d6fb278c7423c745f4ad3c7b3cb3b2
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext