General
Target: _RFQ Our Reference 2021-1143(1).ace
Size: 613KB
Sample: 210423-mxeqxn5fwe
MD5: 9a7e8bb33c4567a442726030b9e2fe2d
SHA1: 3c860195fb27752b41a56ded4962ab02a2c14cb5
SHA256: bcb6aa4b6393f67e3a72eb9733bb0103d74b67cb3c32bc553302ccdb0e072d98
SHA512: 064843d19fc1ef0e818ffbf216cfa401db95fc3d6a65eef45fee692f9bda48552af8bb31aedcbfde1fb862ea4a7c420dd1ce1427a09d9f4e167da1e9a6bb81a4
Static task: static1
Behavioral task: behavioral1
Sample: RFQ Our Reference 2021-1143.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: RFQ Our Reference 2021-1143.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mehtagroup.in
Port: 587
Username: dinesh@mehtagroup.in
Password: 1234@DP#
Targets
Target: RFQ Our Reference 2021-1143.exe
Size: 684KB
MD5: a1ef7cc0e83d9d8ede4311bfe8e124c7
SHA1: a87429754bed0dfff38aa6cc63fbe8d5568a91c9
SHA256: 6594b68c027f44465b539374abe5791c970a82b3be282911d2e95a9f459f61f3
SHA512: 4bc38dc390a63a369eed9bca032de8f9b0a1b720dcd976a7753e5c3c9bb940f8497ff872f200b279f84a6b26b8e68dc1239a421bc0fd785308ca037eb86bd8cc
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext