General
Target
Quotation Enquiry shipping cost and payment conditions CFR terms.rar
Size
434KB
Sample
210915-jacj3sdbdn
MD5
7e7161db58cb039aa581059c3347e6fd
SHA1
9745f4b784865c0c705eb4d637aa8167f617cb81
SHA256
cbb72d17e39df440daf18c68749378a0a9d4f712898b79311af72cd1e472e7dc
SHA512
8b5b78c91970cb392e961eaf9a03ca307f863982d7d7b02dcd9d1850383a5f9a5a3778ca9ccf03d7e69e40ea60b64a6df4300f29c8dabd2d4aec9c720956b0bb
Static task
static1
Behavioral task
behavioral1
Sample
Quotation Enquiry shipping cost and payment conditions CFR terms.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Quotation Enquiry shipping cost and payment conditions CFR terms.exe
Resource
win10-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.italfood.ae
Port: 587
Username: sales4@italfood.ae
Password: Sales@634@$
Targets
Target
Quotation Enquiry shipping cost and payment conditions CFR terms.exe
Size
934KB
MD5
efa2ddda96e21edbedd914655d2dd4c6
SHA1
d73e541bbb2d457627eb4dd28fdba17b9ed05b25
SHA256
b443e59460d0626393c493bb73abf3c2adbb318fa72c995f1e8130a2a556ab7c
SHA512
29e09ff7ac28ecccbed8cc929e10be878a545f4336e782500884182b2066be9d2c807efdc6989740d0ffe3b8ee5bdcbd688b20ff854c792ce2f18b3c1b384014
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext