General
- Target: EXW QUOTATION.exe
- Size: 651KB
- Sample: 210504-mgp1335rte
- MD5: b6e6ec67a638e2ee7344d847a749ded0
- SHA1: 9da346f12d9bd00d454a219f73fe628dbf408817
- SHA256: 226055fd9a87d3bb38acb21c4d3dd7222d600003c72fab036286b9b15b233518
- SHA512: 227f0ced3757b765e8f7e474dd7bcbf8bebd185172e0601649df422dce5e454d0abc4ef0a30c5aa23941d926176fe0c85b186bc4c956acc820f8e29fc95ccbe2
Static task
- static1
Behavioral task
- behavioral1: Sample EXW QUOTATION.exe, Resource win7v20210410
- behavioral2: Sample EXW QUOTATION.exe, Resource win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: server126.web-hosting.com
- Port: 587
- Username: jokelogs@omnlltd.com
- Password: E#@Dfb$LbM)M
Targets
- Target: EXW QUOTATION.exe
- Size: 651KB
- MD5: b6e6ec67a638e2ee7344d847a749ded0
- SHA1: 9da346f12d9bd00d454a219f73fe628dbf408817
- SHA256: 226055fd9a87d3bb38acb21c4d3dd7222d600003c72fab036286b9b15b233518
- SHA512: 227f0ced3757b765e8f7e474dd7bcbf8bebd185172e0601649df422dce5e454d0abc4ef0a30c5aa23941d926176fe0c85b186bc4c956acc820f8e29fc95ccbe2
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (historically Visual Basic .NET). This sample reports to its operator over SMTP using the credentials in the extracted configuration.
- AgentTesla Payload
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value, so the payload is relaunched at logon.
- Suspicious use of SetThreadContext: typical of process hollowing, where the payload is written into a suspended process and that process's thread context is redirected into it.
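The two observable behaviours in this report, SMTP exfiltration to the extracted host:port and a Run-key write, are what a responder would hunt for on other hosts. The following Python script is an added example, not part of the sandbox report or of Agent Tesla itself. It parses the extracted configuration exactly as printed above, derives the base64 tokens the sample would send during SMTP AUTH LOGIN and AUTH PLAIN (usable as content matches only when the session is not wrapped in TLS, which on port 587 usually means STARTTLS), and then scans a few constructed, Sysmon-like "key=value" event lines for connections to the exfil host and for Run/RunOnce value sets. The event format, file paths, SID and Run-value name are placeholders of my own; only the sample name and the configuration values come from the report. SetThreadContext is not covered here because it does not appear in ordinary host telemetry.

```python
import base64
import re

# Extracted Agent Tesla configuration, copied from the report above.
REPORT_CONFIG = """\
Protocol: smtp
Host: server126.web-hosting.com
Port: 587
Username: jokelogs@omnlltd.com
Password: E#@Dfb$LbM)M
"""

# Run/RunOnce autostart keys under HKCU or HKLM; the report only says "Adds Run key".
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Constructed host telemetry in a Sysmon-like "key=value" shape (not real log output).
# The sample name is the report's; paths, SID and the Run value name are placeholders.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Users\\victim\\Downloads\\EXW QUOTATION.exe"',
    'EventID=13 Image="C:\\Users\\victim\\Downloads\\EXW QUOTATION.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\EXWQUOTATION" '
    'Details="C:\\Users\\victim\\AppData\\Roaming\\EXWQUOTATION.exe"',
    'EventID=3 Image="C:\\Users\\victim\\Downloads\\EXW QUOTATION.exe" '
    'DestinationHostname=server126.web-hosting.com DestinationPort=587 Protocol=tcp',
    # Benign mail client on the same port but a different server: must not match.
    'EventID=3 Image="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe" '
    'DestinationHostname=smtp.example.com DestinationPort=587 Protocol=tcp',
]


def parse_config(text):
    """Parse the 'Key: value' lines of the extracted config into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def smtp_auth_tokens(cfg):
    """Base64 tokens a client sends when authenticating with the report's credentials.
    AUTH LOGIN sends username and password as two separate base64 lines; AUTH PLAIN
    sends one token, base64(NUL user NUL pass) (RFC 4616). Both are only visible on
    the wire when the session is not protected by STARTTLS."""
    user = cfg["username"].encode()
    pw = cfg["password"].encode()
    return {
        "login_user": base64.b64encode(user).decode(),
        "login_pass": base64.b64encode(pw).decode(),
        "plain": base64.b64encode(b"\0" + user + b"\0" + pw).decode(),
    }


def parse_event(line):
    """Split one 'key=value' event line; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def scan_events(lines, cfg):
    """Flag the two report behaviours: a connection to the configured SMTP host:port
    and a value written under a Run/RunOnce key. Returns one tag per matching event.
    Port 587 alone is deliberately not enough; the host must match too."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if (eid == "3"
                and ev.get("DestinationHostname", "").lower() == cfg["host"].lower()
                and ev.get("DestinationPort") == str(cfg["port"])):
            hits.append(f"exfil-smtp {ev['Image']} -> {cfg['host']}:{cfg['port']}")
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(f"run-key-persistence {ev['Image']} -> {ev['TargetObject']}")
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    for name, token in smtp_auth_tokens(cfg).items():
        print(f"{name}: {token}")
    for hit in scan_events(SAMPLE_EVENTS, cfg):
        print(hit)
```

Running the script prints the three authentication tokens and two hits, one for the Run-key write and one for the connection to server126.web-hosting.com:587; the Thunderbird connection on the same port is not flagged. Swap SAMPLE_EVENTS for real telemetry exported in the same shape, and treat the extracted mailbox credential as an attacker asset to report to the hosting provider, not as something to log into.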