General
- Target: RFQ PBMS 41697-STR-JAS-21 ENGINE STORES.doc
- Size: 84KB
- Sample: 211019-f6kzjsgbdp
- MD5: 212df1aef8f8b23361e9b0b385e6bc2e
- SHA1: 2b953ab7485560a0d645886d26b200c470b8bd6d
- SHA256: cd9195a9fab06c84887945db107a1e2bf404cbbce9e28495e124cee656e98924
- SHA512: e0c625a2bef55fe62817b2e338f2837a7f0f62c1b3fe1c001b6f73a4b83fe19e5573a357544c81620eaf4b050caf146eca5ca51d68852ebc55a7b24ca917b30e
Static task
- static1
Behavioral task
- behavioral1
  - Sample: RFQ PBMS 41697-STR-JAS-21 ENGINE STORES.doc
  - Resource: win7-en-20210920
Behavioral task
- behavioral2
  - Sample: RFQ PBMS 41697-STR-JAS-21 ENGINE STORES.doc
  - Resource: win10-en-20211014
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.duncanmaritime.com
  - Port: 587
  - Username: [email protected]
  - Password: Duncan1234@
Targets
- Target: RFQ PBMS 41697-STR-JAS-21 ENGINE STORES.doc
  - Size: 84KB
  - MD5: 212df1aef8f8b23361e9b0b385e6bc2e
  - SHA1: 2b953ab7485560a0d645886d26b200c470b8bd6d
  - SHA256: cd9195a9fab06c84887945db107a1e2bf404cbbce9e28495e124cee656e98924
  - SHA512: e0c625a2bef55fe62817b2e338f2837a7f0f62c1b3fe1c001b6f73a4b83fe19e5573a357544c81620eaf4b050caf146eca5ca51d68852ebc55a7b24ca917b30e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext