General
Target: 6641727972737024.zip
Size: 626KB
Sample: 210727-9k1h2zgtja
MD5: 061ed0e489d7cdb475f4e9a110a70478
SHA1: fca5210add4f4a0f8b0feab49577d4eff8ca5fb6
SHA256: 9377980f881b2f34d5f2b922a622914c91fe396adf8c1bdda4335f912c036dca
SHA512: 04f184533fa3b448068c2340a223ad307ea82eba48850176973b04bed71cf8d9b6dc5cd404c951efbb9acd82a0249283e7e525359a7cddfb14d662c6c6739209
Static task: static1
Behavioral task: behavioral1
Sample: RFQ - ORDER NO. 234725.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: RFQ - ORDER NO. 234725.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.126cn.us
Port: 587
Username: 13910612303@126cn.us
Password: l*bq*LI7
Targets
Target: RFQ - ORDER NO. 234725.exe
Size: 1.3MB
MD5: 1e143455236b793aee7c590baff03438
SHA1: f94d9c2e4334ece08ef7cd3c6f02063298ed8e2a
SHA256: 697c7f2e94dd5066e52923c79ada6af9fc38f100a2f6d1a4aff2d0769a9c5592
SHA512: 7470a358759c31b1bf959e71182eca9efff5e381202a4b43db49781420b24e237565406c5521621c2ebfc7e95990fc33d0149dbcbbbaff66158a0e3c42a7dd96
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext