General
-
Target
Procurement Quotation Request From ALVA TRADERS BY ROYAL Re PR#545 3_pdf.exe
-
Size
758KB
-
Sample
210728-lhf1nwtdyn
-
MD5
bbe8f3c73274a97d91e8b9ea33c23f5f
-
SHA1
f2a96b4df791397607fda9c32cafa3f9c25ca59d
-
SHA256
f8858f341270ce6e44c3633322716a1f7ec2c691a191218bdfbda60adcc918b2
-
SHA512
98e58c395bbf10763cddc1fe519a1d49ce049a8b8246566f5aed9328061eff14858bf74b274b5e61ef9aa8fa5d4035f65e0fa645bebd93712b50787f080aaf57
Static task
static1
Behavioral task
behavioral1
Sample
Procurement Quotation Request From ALVA TRADERS BY ROYAL Re PR#545 3_pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Procurement Quotation Request From ALVA TRADERS BY ROYAL Re PR#545 3_pdf.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtpout.secureserver.net
Port: 587
Username: sales1@ashtavinayaka.com
Password: 123456789
Targets
-
-
Target
Procurement Quotation Request From ALVA TRADERS BY ROYAL Re PR#545 3_pdf.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-