General
- Target: FWREQUEST FOR URGENT QUOTATION (RFQ).doc
- Size: 628KB
- Sample: 210420-5angfp9gws
- MD5: 7040850c5f29b143eebfe32b97a97ddc
- SHA1: 20c428053d7d83ce23e7d6f3c48c4cd50e606ae3
- SHA256: 53947cdc6ca591ccc866933e6d69a6861160325956ae0a284bb5d222f933e08e
- SHA512: 827900885590850a2be455f6cbf6342535359ef2b132a6e12f7892dd038aeff0c80b1a3f08ca59b96ff2b6420372d34683c65d7b264374d0dfb597e5df300cef
Static task
- static1
Behavioral task
- behavioral1: Sample: FWREQUEST FOR URGENT QUOTATION (RFQ).doc, Resource: win7v20210410
- behavioral2: Sample: FWREQUEST FOR URGENT QUOTATION (RFQ).doc, Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: utari.iixcp.rumahweb.com
- Port: 587
- Username: [email protected]
- Password: #t.jTrXnOmWX
Targets
- Target: FWREQUEST FOR URGENT QUOTATION (RFQ).doc
- Size: 628KB
- MD5: 7040850c5f29b143eebfe32b97a97ddc
- SHA1: 20c428053d7d83ce23e7d6f3c48c4cd50e606ae3
- SHA256: 53947cdc6ca591ccc866933e6d69a6861160325956ae0a284bb5d222f933e08e
- SHA512: 827900885590850a2be455f6cbf6342535359ef2b132a6e12f7892dd038aeff0c80b1a3f08ca59b96ff2b6420372d34683c65d7b264374d0dfb597e5df300cef
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext