General
Target: REQUEST FOR QUOTATION.tar.gz
Size: 559KB
Sample: 210728-b3ked4t9nj
MD5: 249cc30b6541f182154be6d54a557e69
SHA1: 39d871c556f02bea9ae489ca43d8fb77c32315df
SHA256: a72d4067ed5b8cc493eeed68f4f14072ae1c065b70ade643d3c1c2ac67c8edae
SHA512: 621de46fb94ef1215277e99f0b88cb0168795d752ded50527baa887d865d8fcd77bc4b75b99b1b46297948a35130fd3e1b6f5df14d8661bcf7ab0ae55aa8d2d0
Static task: static1

Behavioral task: behavioral1
Sample: REQUEST FOR QUOTATION.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: REQUEST FOR QUOTATION.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.buynsell.com.pk
Port: 587
Username: webmaster@buynsell.com.pk
Password: Zeco@141
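The extracted configuration above is the mailbox the stealer delivers harvested data to over SMTP submission (port 587). As an added example that is not part of this report, the following Python parses the flattened `Key: value - Key: value` string exactly as the page renders it, checks a file on disk against the digests listed under Targets, and emits a Suricata DNS rule for the exfil host. The parser, the rule text, the sid and the function names are this example's own choices; the hashes and the config values are copied from the report, and the bytes fed to the hash check are constructed.

```python
"""Turn the report's extracted AgentTesla SMTP config into checks and IOCs.

Added example, not part of the original sandbox report. The config
string and the hashes are copied from the report; the parser, the
Suricata rule text and the sid are this example's own choices.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict

# The 'Malware Config' extract, in the flattened form the page renders it.
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.buynsell.com.pk - Port: 587 "
    "- Username: webmaster@buynsell.com.pk - Password: Zeco@141"
)

# Digests of the dropped executable, copied from the Targets section.
REPORTED_HASHES = {
    "md5": "473abc32162018e106a776dc9acceac0",
    "sha1": "5152df8dbcec444f42ed278bc57fe47cfdb735b7",
    "sha256": "e64c0a4f990a69ed7b395ed86eb27f0334bc48a4cae437db54f3e7625392eaa9",
}

REQUIRED_FIELDS = ("protocol", "host", "port", "username", "password")

# One 'Key: value' pair; the value runs up to the next ' - Key:' or the end,
# which copes with the missing space in 'smtp- Host:'.
_FIELD = re.compile(
    r"(Protocol|Host|Port|Username|Password):\s*(\S+?)(?=\s*-\s*\w+:|\s*$)"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    password: str

    @property
    def uses_submission_port(self) -> bool:
        # 587 is mail submission; after EHLO/STARTTLS the stolen data is
        # encrypted on the wire, so network detection must key on the
        # DNS lookup or the TLS SNI rather than on message contents.
        return self.port == 587


def parse_config(raw: str) -> SmtpExfilConfig:
    """Parse the flattened extract, refusing incomplete or non-SMTP configs."""
    fields = {k.lower(): v for k, v in _FIELD.findall(raw)}
    missing = [f for f in REQUIRED_FIELDS if f not in fields]
    if missing:
        raise ValueError(f"config is missing {missing}")
    if fields["protocol"].lower() != "smtp":
        raise ValueError(f"expected smtp, got {fields['protocol']!r}")
    return SmtpExfilConfig(
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def verify_sample(data: bytes, reported: Dict[str, str]) -> Dict[str, bool]:
    """Compare a file's digests with the report; any False means the file on
    disk is not the analysed sample (wrong file, truncated or re-packed)."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest.lower()
        for algo, digest in reported.items()
    }


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """Alert on the DNS lookup for the exfil mailbox host, the one part of the
    session that stays in clear text once STARTTLS is negotiated."""
    return (
        "alert dns $HOME_NET any -> any any ("
        'msg:"AgentTesla SMTP exfil host lookup"; '
        f'dns.query; content:"{cfg.host}"; nocase; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg.host, cfg.port, cfg.username)
    print(suricata_dns_rule(cfg, sid=9000001))
    # Constructed stand-in bytes: every digest must come back False.
    print(verify_sample(b"not the sample", REPORTED_HASHES))
```

Block the host and the mailbox account on the mail gateway as well; the password in the extract is the actor's, which is what lets the stealer authenticate, so sharing the whole config with the provider is usually more effective than any network signature.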
Targets
Target: REQUEST FOR QUOTATION.exe
Size: 840KB
MD5: 473abc32162018e106a776dc9acceac0
SHA1: 5152df8dbcec444f42ed278bc57fe47cfdb735b7
SHA256: e64c0a4f990a69ed7b395ed86eb27f0334bc48a4cae437db54f3e7625392eaa9
SHA512: e97e2acfbb92ae3f6966873dec23a02a483442177c2447d3f58a64e1af21e974999174a4d39b73313f86e1ea8d5af3f00dd466d00c42aa37f9e6c1e89558fd24
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).

AgentTesla Payload

CustAttr .NET packer
Detects the CustAttr .NET packer in memory.

Adds Run key to start application (persistence through a CurrentVersion\Run registry value)

Suspicious use of SetThreadContext (the API used to point a suspended thread at injected code, as in process hollowing)
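The "Adds Run key to start application" signature is the sandbox observing the sample register itself under a CurrentVersion\Run key. As an added example that is not part of this report, the following Python runs that check over registry-write telemetry using Sysmon Event ID 13 (RegistryEvent SetValue) field names. The event records are constructed here, and the key path, value name and file locations are assumptions, since the report does not say which Run key or value the sample wrote.

```python
"""Hunt Run-key persistence in registry-write telemetry.

Added example, not part of the original sandbox report. Records use
Sysmon Event ID 13 (RegistryEvent SetValue) field names and are
constructed below; the key paths, value names and file paths are
assumptions, as the report does not state which Run entry was written.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Any value written directly under ...\CurrentVersion\Run or \RunOnce,
# in either the HKLM or a per-user (HKU\<SID>) hive.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Program path of a Run entry: either the quoted segment or an unquoted path
# up to a script/executable extension, so paths with spaces survive.
_PROGRAM = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|scr|com|bat|cmd|vbs|js|ps1)))(?:\s|$)',
    re.IGNORECASE,
)

# Locations a dropper writes to; legitimate startup entries rarely live here.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop)\\|Windows\\Temp\\|ProgramData\\)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    image: str        # process that wrote the key
    key: str
    value_name: str
    program: str      # what the Run entry will launch
    reasons: Tuple[str, ...]


def program_path(command: str) -> str:
    m = _PROGRAM.match(command)
    return (m.group("q") or m.group("u")) if m else command.strip()


def inspect_registry_event(ev: Dict[str, object]) -> Optional[Finding]:
    """Return a Finding for every Run-key write; reasons mark the suspicious ones."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    m = RUN_KEY.search(str(ev["TargetObject"]))
    if not m:
        return None
    image = str(ev["Image"])
    program = program_path(str(ev["Details"]))
    reasons = []
    if USER_WRITABLE.match(program):
        reasons.append("entry launches from a user-writable location")
    if ntpath.basename(program).lower() == ntpath.basename(image).lower():
        reasons.append("writer registers itself (self-persistence)")
    return Finding(image, str(ev["TargetObject"]), m.group("value"), program, tuple(reasons))


def hunt(events: Iterable[Dict[str, object]]) -> List[Finding]:
    """Run-key writes with at least one reason to look closer."""
    return [f for f in map(inspect_registry_event, events) if f and f.reasons]


# Constructed telemetry, not from the report: one self-persisting dropper,
# one conventional vendor entry, one unrelated registry write.
SAMPLE_EVENTS = [
    {
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\victim\AppData\Roaming\REQUEST FOR QUOTATION.exe",
        "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\REQUEST FOR QUOTATION",
        "Details": r"C:\Users\victim\AppData\Roaming\REQUEST FOR QUOTATION.exe",
    },
    {
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        "Details": r'"C:\Program Files\Vendor\tray.exe" /minimized',
    },
    {
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f.value_name, "->", f.program, "|", "; ".join(f.reasons))
```

Every Run-key write is returned so it can still be logged, but only writes with a reason (a user-writable launch path, or a process registering its own binary) are surfaced by `hunt`; a vendor installer pointing at Program Files drops out without a hard-coded allowlist.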