General

Target: NEWQUOTATIONs#280321_RFQ_PRODUCTS_ENQUIRY_TRINITY_VIETNAM_CO.exe
Size: 704KB
Sample: 210412-k1en2bq9x6
MD5: c96b1f4dc1a2a841743b670d775c9466
SHA1: 81ca2259f3933734542cbcb4d5393d4878f41a66
SHA256: 83c0e817f62582a3e6aa5f20d6cb6738588f8bd7a3d076f6d174ac1b10bbe8c4
SHA512: 295342ae9cca7dd33ee9bbd380fc070d2a351f9ffa37428879b4e6fd72b5f6ae2bcdb52faaa2cee62a3c1e446c71f9ee43e8c8fded35f4a90fc06dd492b195f4
Static task: static1

Behavioral task: behavioral1
Sample: NEWQUOTATIONs#280321_RFQ_PRODUCTS_ENQUIRY_TRINITY_VIETNAM_CO.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: NEWQUOTATIONs#280321_RFQ_PRODUCTS_ENQUIRY_TRINITY_VIETNAM_CO.exe
Resource: win10v20201028
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: eammorris@askoblue.com
Password: zQHG#uz5
Targets

Target: NEWQUOTATIONs#280321_RFQ_PRODUCTS_ENQUIRY_TRINITY_VIETNAM_CO.exe
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Executes dropped EXE

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Adds Run key to start application

Suspicious use of SetThreadContext