General

Target: FWREQUEST FOR URGENT QUOTATION RFQ.doc__.rtf
Size: 628KB
Sample: 210420-cdbzyrk71e
MD5: 7040850c5f29b143eebfe32b97a97ddc
SHA1: 20c428053d7d83ce23e7d6f3c48c4cd50e606ae3
SHA256: 53947cdc6ca591ccc866933e6d69a6861160325956ae0a284bb5d222f933e08e
SHA512: 827900885590850a2be455f6cbf6342535359ef2b132a6e12f7892dd038aeff0c80b1a3f08ca59b96ff2b6420372d34683c65d7b264374d0dfb597e5df300cef
Static task: static1

Behavioral task: behavioral1
Sample: FWREQUEST FOR URGENT QUOTATION RFQ.doc__.rtf
Resource: win7v20210410

Behavioral task: behavioral2
Sample: FWREQUEST FOR URGENT QUOTATION RFQ.doc__.rtf
Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: utari.iixcp.rumahweb.com
Port: 587
Username: [email protected]
Password: #t.jTrXnOmWX
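The extracted configuration above is the sample's exfiltration channel: an SMTP submission account (port 587) on a third-party mail host. The following is an added example, not part of the sandbox report and not AgentTesla tooling, that parses the flattened "Key: value - Key: value" dump the extractor emits into structured fields, derives the network indicators a defender would block or hunt for, and runs them over a few constructed connection-log lines. CONFIG_TEXT reproduces the report's own extracted values (the username stays redacted exactly as the page shows it); the log lines and their column format are constructed for illustration.

```python
"""Parse the AgentTesla SMTP exfiltration configuration from this report into
structured fields, derive network indicators from it, and run them over a few
constructed connection-log lines.

Added example, not part of the sandbox report and not AgentTesla tooling.
CONFIG_TEXT is the report's own extracted configuration, reproduced as the
input (the username stays redacted exactly as the page shows it); SAMPLE_LOG
and its column layout are constructed for illustration.
"""
import re
from dataclasses import dataclass

CONFIG_TEXT = """agenttesla
Protocol: smtp- Host:
utari.iixcp.rumahweb.com - Port:
587 - Username:
[email protected] - Password:
#t.jTrXnOmWX"""

# Keys emitted by the config extractor. The separators between them are
# inconsistent ("smtp- Host:", "587 - Username:"), so split on the key names
# rather than on the dashes.
_KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_SPLIT_RE = re.compile(r"\s*-?\s*\b(" + "|".join(_KEYS) + r"):\s*")


@dataclass(frozen=True)
class ExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Turn the flattened 'Key: value - Key: value' dump into a dataclass."""
    lines = text.strip().splitlines()
    family = lines[0].strip()
    body = " ".join(line.strip() for line in lines[1:])
    parts = _SPLIT_RE.split(body)  # ['', 'Protocol', 'smtp', 'Host', ...]
    fields = dict(zip(parts[1::2], parts[2::2]))
    missing = [k for k in _KEYS if k not in fields]
    if missing:
        raise ValueError(f"config missing fields: {missing}")
    return ExfilConfig(
        family=family,
        protocol=fields["Protocol"].lower(),
        host=fields["Host"].lower(),
        port=int(fields["Port"]),
        username=fields["Username"],
        password=fields["Password"],
    )


def network_indicators(cfg: ExfilConfig) -> dict:
    """Indicators worth blocking or hunting for: the mail server and the
    submission port. The credentials are deliberately left out: they belong
    to the attacker's mailbox and go to the hosting provider for takedown,
    not into a blocklist."""
    return {"host": cfg.host, "port": cfg.port, "protocol": cfg.protocol}


# Constructed connection log, one event per line: "timestamp src dst_host dst_port"
SAMPLE_LOG = """2021-04-20T10:01:02Z 10.0.0.15 smtp.office365.com 587
2021-04-20T10:01:09Z 10.0.0.15 utari.iixcp.rumahweb.com 587
2021-04-20T10:02:30Z 10.0.0.22 utari.iixcp.rumahweb.com 25
2021-04-20T10:03:11Z 10.0.0.15 UTARI.IIXCP.RUMAHWEB.COM 587"""


def find_exfil_connections(cfg: ExfilConfig, log: str) -> list:
    """Return (timestamp, src, dst_port) for every event whose destination is
    the configured SMTP host. The port is reported but not required to match:
    the same mailbox reached over 25 or 465 is the same exfil channel."""
    hits = []
    for line in log.strip().splitlines():
        ts, src, dst_host, dst_port = line.split()
        if dst_host.lower() == cfg.host:
            hits.append((ts, src, int(dst_port)))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(network_indicators(cfg))
    for hit in find_exfil_connections(cfg, SAMPLE_LOG):
        print("exfil attempt:", hit)
```

Matching on the hostname rather than the port is deliberate: an SMTP submission on 587 usually negotiates STARTTLS, so the only reliable plaintext observable is the DNS lookup or the connection destination, and the same mailbox can be reached on 25 or 465. Treat the extracted credentials as evidence for the hosting provider, not as something to log into.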
Targets

Target: FWREQUEST FOR URGENT QUOTATION RFQ.doc__.rtf
Size: 628KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, commonly compiled from VB.NET or C#. This sample's extracted configuration exfiltrates over SMTP (port 587) to the mail host listed under Malware Config.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence)
- Suspicious use of SetThreadContext (typical of process hollowing, where a dropper overwrites a suspended process with the payload)