General
Target: RFQ#000002720212207.exe
Size: 734KB
Sample: 210722-a8h6pw7rrx
MD5: 2e21013d8666ba1eaf72238befc4889c
SHA1: f5052e76d0dd47411987d4a4de27fc849e1c9a55
SHA256: fbadf252eb04bc791373500dd2b28c45ef60bf5f34c711c4bff61fe5230c056c
SHA512: b7a76de69bceaa94739f5badd30fa34c04ab88e4cadcb88fe144b52315d69b9a9fde58fc68967c460acc7f3f53af4bf0029974b8906e5145004704737ced5ec9
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ#000002720212207.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: RFQ#000002720212207.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.kemkan.net
Port: 587
Username: procure@kemkan.net
Password: investment123
Targets
Target: RFQ#000002720212207.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext