General
Target: Request For Quotation-(EMP2129079970).exe
Size: 961KB
Sample: 210727-tqcwd1twmx
MD5: ff04759814c2d073891948aa9b4a6c84
SHA1: cae2589775cabffe843518f08c85cda7fd14ae1b
SHA256: 8bf9ae1489a0184f2e5f3ee7eb06602a69393317e20731ea649be7933b2781f2
SHA512: 3925e9030126dc430d7399d3efe1ecf2dfd4cbbc65cbf4e305bfb148efcc2851c675e0667f5d7a2b446b90ab1dba1b43c34458fb5363376d8362bdddda0a6fee
Static task: static1
Behavioral task: behavioral1
Sample: Request For Quotation-(EMP2129079970).exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Request For Quotation-(EMP2129079970).exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.scahe.co.in
Port: 587
Username: sj@scahe.co.in
Password: scaheavy@12345
Targets
Target: Request For Quotation-(EMP2129079970).exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext