General
Target: 21501120100258 RFQ_PDF.exe
Size: 523KB
Sample: 211019-kvg6qsgdbj
MD5: ecca05475f3048ed5d2b4ad2b4613cc2
SHA1: 5e3730879b2f8c38c3811cef6d135f045406d60e
SHA256: 74c28e96289cef60d4a8c5ff350deff3ad83efb794dcb4a1ec599016c3dbbeb1
SHA512: c634b9a67560559065e888a7520b919e11af72be7e515969cb008e0a849e516df4c87f58766c407d4de3d7d96fa349c6f917c38af5856394f7d683918ecd436d
Static task: static1
Behavioral task: behavioral1
- Sample: 21501120100258 RFQ_PDF.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: 21501120100258 RFQ_PDF.exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.medicare-equipment.com
- Port: 587
- Username: [email protected]
- Password: AllTheBest777
Targets
Target: 21501120100258 RFQ_PDF.exe
Size: 523KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext