General

Target: Request for Quotation-4505527156.pdf.exe
Size: 808KB
Sample: 210511-zqqjhwmhm6
MD5: 53ee1719315e25f5a485e032b7596c89
SHA1: ba28ef98dc4e74277c0fe370a7dd21e655b1abd4
SHA256: de0b80f33037ee2253015508b278b103356b4ca38df599ecb1c91fa1403211c2
SHA512: 3f0b0ecb915e8d5ab4aec38049d00e5368d1d256110d4a8544444bec3db402ea02897111aefaa517d427de5ebf971b5bd7e38f1b2ea622d53552d3d3ee2818ce
Static task: static1

Behavioral task: behavioral1
Sample: Request for Quotation-4505527156.pdf.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: Request for Quotation-4505527156.pdf.exe
Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.saudimedlabexpo.com
Port: 587
Username: info@saudimedlabexpo.com
Password: ]dTqP-]^T]Pt
Targets

Target: Request for Quotation-4505527156.pdf.exe
Size: 808KB
MD5: 53ee1719315e25f5a485e032b7596c89
SHA1: ba28ef98dc4e74277c0fe370a7dd21e655b1abd4
SHA256: de0b80f33037ee2253015508b278b103356b4ca38df599ecb1c91fa1403211c2
SHA512: 3f0b0ecb915e8d5ab4aec38049d00e5368d1d256110d4a8544444bec3db402ea02897111aefaa517d427de5ebf971b5bd7e38f1b2ea622d53552d3d3ee2818ce
Signatures

AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext