General

Target: RFQ. 20345567 -PURCHASE OF NEW WORKSHOP SPARES.exe
Size: 483KB
Sample: 211202-q4nmrscch5
MD5: 90810f9b7d5adcdebf26becfab59e14f
SHA1: bde1c87cb873cabea8dc34c0b805f063499430c2
SHA256: 9630eeea7b089b14106be190a2eab73483ad23785209120aee36ea23c1ebb148
SHA512: aeae9009795efcb6070cb5c33a6107a9f54c4cebd47f883bc602a387b919b76db08a3be576def6ad7995130089230573627792f932652a51384dd566d695eda5
Static task
static1

Behavioral task
behavioral1
Sample: RFQ. 20345567 -PURCHASE OF NEW WORKSHOP SPARES.exe
Resource: win7-en-20211104

Behavioral task
behavioral2
Sample: RFQ. 20345567 -PURCHASE OF NEW WORKSHOP SPARES.exe
Resource: win10-en-20211104
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.uk-custom.com
Port: 587
Username: glogs@uk-custom.com
Password: Li*zQvv3
Targets
Target: RFQ. 20345567 -PURCHASE OF NEW WORKSHOP SPARES.exe (size and hashes as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext