General
Target: REQUEST FOR QUOTE FORM.exe
Size: 685KB
Sample: 210727-hqrkfdg8wj
MD5: 136d3ff60c17a7e1d4e1b3c755e15d89
SHA1: 88b8b2b70252e64bf5599bf0c2fcbca363c06c0a
SHA256: a0ee1d459912946e86b1695a16e4e5c288274959bdfb4d9e57cc83e473a3c10b
SHA512: 86ab7db4097b895ab890b9b471ec22aca1eee701d9dd711873e9790a3453bcc6d5c9a1cdbd7415620c1df732e07760bf0abf96874c450d5ba6f7f6508b7551be
Static task: static1
Behavioral task: behavioral1
Sample: REQUEST FOR QUOTE FORM.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: REQUEST FOR QUOTE FORM.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: Neways@123
Targets
Target
REQUEST FOR QUOTE FORM.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext