General
Target: Invitation (Bid Request for Quotation).com.exe
Size: 801KB
Sample: 210408-hnv3glblq6
MD5: 30c3088344e05bf35b3af24eaee1ada9
SHA1: 98e2d947a3eb487d730e0de62a0e38dfc1f5bc06
SHA256: 9122c256e01d8489721f5a124686ad014bb32fb9d058dc74d966d36381fe01c8
SHA512: 1139eb95c5bebebafbc3def6862f0c53a594ce282090ff401aa61aec81a69c27fd921e14d660b85b2e49d4124c759c8c8d2b29c6dcfa821ea4ee46e576fd280f
Static task: static1
Behavioral task: behavioral1
Sample: Invitation (Bid Request for Quotation).com.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Invitation (Bid Request for Quotation).com.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.snacksnco.com
Port: 587
Username: aslam.ghanchi@snacksnco.com
Password: aslam.ghanchi
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext