General
Target: Quote request -DA 31312.exe
Size: 984KB
Sample: 210504-trz6sb9jsx
MD5: b2b3633436e5fd34c73e9cfd9c4160a4
SHA1: fa2c80fe7adf8d76ba283686f0d2691cc2c59037
SHA256: bf5d80e41502cbe3e4c6af87106406521d7dff65160a069bdc84f24a086f5381
SHA512: a5122becfc76ec88b10aec0b6f691e5430e96abac55478005d12255a9e3280d25a12b7759910536b4221f461b1c78c30612cf32d1dfc3de55194093d6086b54b
Static task: static1
Behavioral task: behavioral1
  Sample: Quote request -DA 31312.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Quote request -DA 31312.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.skintechpharmgroup.com
Port: 587
Username: chioma.billy@skintechpharmgroup.com
Password: HUSTLE2021
Targets
Target: Quote request -DA 31312.exe
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext