General
- Target: REVISE QUOTATION 21.04.2021.pdf (113K).rar
- Size: 642KB
- Sample: 210422-ylv48kyaze
- MD5: 6b989d90c73fa32a2cbeb1b051644d4c
- SHA1: ca38117a75bb4948984a78d718c927f0030257c9
- SHA256: 3638135eb0f487e5b5b003d1f090554b0f6fe96ac90da04a1ff683156b164bd7
- SHA512: ee9cdffc8a259672c9fa90e6e46aab2152678b88ee33a76573a85fd72e54119b624a002aac6c253ec2d83dad3409725757648a1defb604142268eb501f266aa9
Static task: static1
Behavioral task: behavioral1
- Sample: REVISE QUOTATION 21.04.2021.pdf (113K).exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: REVISE QUOTATION 21.04.2021.pdf (113K).exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.snacksnco.com
- Port: 587
- Username: aslam.ghanchi@snacksnco.com
- Password: aslam.ghanchi
Targets
- Target: REVISE QUOTATION 21.04.2021.pdf (113K).exe
- Size: 1.1MB
- MD5: 89ca2118db943ad848bec5c57179ff90
- SHA1: 228f8081288f70c35f33e5edd5394c1fb8a6cdd6
- SHA256: 78af4e9c1f31817ce195cd77aea8659a75148c5a302b35e9c17f2ff93a696a0c
- SHA512: 480e02364f8dd07f423d33c9a3763e6a04e2506093e5f1875e6052bbf6afa4e015814307d420d1b2b76bbd0463ec90c0637ce4fbdf0b057efacb34209b640eba
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext