General
-
Target
INQUIRY FOR NEW QUOTATION FOR SAPA TRADING.exe
-
Size
681KB
-
Sample
211020-lm8jdsgha6
-
MD5
422343b5ffbc0b2c7d47abfba7c24172
-
SHA1
33ea66969c89ede393e4685a5a580d2b24d49242
-
SHA256
174bde453acb124cf771fc3420cf4e12267bbef9bedb36d81a51988dc44c0875
-
SHA512
10249c86f4b867c8d167906d84a79a965a99cba19a257cfa7be9f00a4304ff3984bb512c7a6dd1c67ac8a2cf8d223754d916ac17c806403b1050bb6030ed684b
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY FOR NEW QUOTATION FOR SAPA TRADING.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
INQUIRY FOR NEW QUOTATION FOR SAPA TRADING.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.grodno.by
Port: 587
Username: [email protected]
Password: 9qd8$2NonPD
Targets
-
-
Target
INQUIRY FOR NEW QUOTATION FOR SAPA TRADING.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-