General
-
Target
REVISE QUOTATION 21.04.2021.pdf (113K).exe
-
Size
1.1MB
-
Sample
210422-atpzb2r4qa
-
MD5
89ca2118db943ad848bec5c57179ff90
-
SHA1
228f8081288f70c35f33e5edd5394c1fb8a6cdd6
-
SHA256
78af4e9c1f31817ce195cd77aea8659a75148c5a302b35e9c17f2ff93a696a0c
-
SHA512
480e02364f8dd07f423d33c9a3763e6a04e2506093e5f1875e6052bbf6afa4e015814307d420d1b2b76bbd0463ec90c0637ce4fbdf0b057efacb34209b640eba
Static task
static1
Behavioral task
behavioral1
Sample
REVISE QUOTATION 21.04.2021.pdf (113K).exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
REVISE QUOTATION 21.04.2021.pdf (113K).exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.snacksnco.com
Port: 587
Username: aslam.ghanchi@snacksnco.com
Password: aslam.ghanchi
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-