General
- Target: 58fb143357271595d2a6b44c90594a016b0e31ae2776ab6eaa6e32ee409c43bb
- Size: 243KB
- Sample: 220520-2yx5ssgcc2
- MD5: 3534b3a11acd7fe37dd0a0c141e95c5b
- SHA1: 0245ce7810405c641832a64f309c213357f3fed5
- SHA256: 58fb143357271595d2a6b44c90594a016b0e31ae2776ab6eaa6e32ee409c43bb
- SHA512: 776f103c88151fc3727eb602dcc387c722c71e41872680bc6942f5f1d69dbcf7457a4dd5bebab2cb3d36dd61e838756fb6c3ef744e03f61a8171a0ee070c67b1
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: ftp
- Host: ftp.celicnabravarija.com
- Port: 21
- Username: [email protected]
- Password: PLAYBOY@123
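The extracted config above gives the two indicators a defender can act on immediately: the FTP host and port the stealer uploads to, and the fact that the login travels in cleartext on the control channel. The following script is an added triage example, not part of the sandbox report or of any vendor tooling. It matches a constructed FTP control-channel transcript (the DNS line, the RFC 5737 addresses, the placeholder username and the upload name are all made up for this example) against the extracted host and port, and additionally flags uploads whose names start with `PW_`, `KL_` or `SC_`, the prefixes AgentTesla is widely reported to use for credential dumps, keylogs and screenshots; that prefix list is an assumption of the example and is not stated in the report.

```python
"""Match FTP control-channel activity against the C2 config extracted from
the AgentTesla sample in this report. Added example, not part of the report."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Indicators copied from the 'Malware Config' block of the report.
EXTRACTED_CONFIG = {"protocol": "ftp", "host": "ftp.celicnabravarija.com", "port": 21}

# Upload-name prefixes AgentTesla is commonly reported to use for credential
# dumps (PW_), keylogs (KL_) and screenshots (SC_). Assumption for this
# example; the report itself does not list them.
EXFIL_PREFIXES = ("PW_", "KL_", "SC_")

# Constructed sensor output (not from the report): one DNS answer line and an
# FTP control-channel transcript. Addresses are RFC 5737 documentation ranges;
# the username and upload name are placeholders. The second session is benign
# legacy FTP and must not be flagged.
SAMPLE_LOG = """\
dns 10.0.0.5 ftp.celicnabravarija.com A 203.0.113.10
ftp 10.0.0.5:49712 203.0.113.10:21 S 220 FTP server ready
ftp 10.0.0.5:49712 203.0.113.10:21 C USER dropbox@example.invalid
ftp 10.0.0.5:49712 203.0.113.10:21 C PASS PLAYBOY@123
ftp 10.0.0.5:49712 203.0.113.10:21 S 230 Login successful
ftp 10.0.0.5:49712 203.0.113.10:21 C STOR PW_DESKTOP-1A2B3C_admin_2022_05_20_10_15_42.html
ftp 10.0.0.5:49712 203.0.113.10:21 S 226 Transfer complete
ftp 10.0.0.7:50211 198.51.100.9:21 C USER backup
ftp 10.0.0.7:50211 198.51.100.9:21 C PASS s3cret
ftp 10.0.0.7:50211 198.51.100.9:21 C STOR nightly.tar.gz
"""

DNS_RE = re.compile(r"^dns (\S+) (\S+) A (\S+)$")
FTP_RE = re.compile(r"^ftp (\S+):(\d+) (\S+):(\d+) ([CS]) (.*)$")


@dataclass
class Session:
    client: str
    server: str
    port: int
    resolved_from: str = ""          # hostname the server IP was resolved from
    user: str = ""
    password_seen: bool = False
    uploads: List[str] = field(default_factory=list)

    def reasons(self, config: dict) -> List[str]:
        """Return the evidence this session carries, strongest first."""
        out = []
        if self.resolved_from == config["host"] and self.port == config["port"]:
            out.append("server matches extracted C2 host:port")
        if self.password_seen and self.user:
            out.append("cleartext FTP login (USER/PASS)")
        for name in self.uploads:
            if name.startswith(EXFIL_PREFIXES):
                out.append(f"upload name matches AgentTesla exfil pattern: {name}")
        return out


def parse_sessions(log: str) -> Dict[Tuple[str, str, str, str], Session]:
    """Group client-side FTP commands per 4-tuple, using DNS answers to map
    server IPs back to the hostname that was looked up."""
    resolved: Dict[str, str] = {}
    sessions: Dict[Tuple[str, str, str, str], Session] = {}
    for line in log.splitlines():
        m = DNS_RE.match(line)
        if m:
            resolved[m.group(3)] = m.group(2)
            continue
        m = FTP_RE.match(line)
        if not m:
            continue
        client, cport, server, sport, direction, cmd = m.groups()
        key = (client, cport, server, sport)
        if key not in sessions:
            sessions[key] = Session(client, server, int(sport), resolved.get(server, ""))
        if direction != "C":
            continue
        verb, _, arg = cmd.partition(" ")
        if verb == "USER":
            sessions[key].user = arg
        elif verb == "PASS":
            sessions[key].password_seen = True
        elif verb == "STOR":
            sessions[key].uploads.append(arg)
    return sessions


def flag_exfil(log: str, config: dict = EXTRACTED_CONFIG) -> List[dict]:
    """Return sessions that either talk to the extracted C2 or upload a file
    with an exfil-style name. A cleartext login on its own is recorded as
    evidence but is not enough to flag: legacy FTP is still common."""
    hits = []
    for s in parse_sessions(log).values():
        reasons = s.reasons(config)
        if any("C2" in r or "exfil" in r for r in reasons):
            hits.append({"client": s.client, "server": s.server,
                         "user": s.user, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in flag_exfil(SAMPLE_LOG):
        print(hit)
```

The DNS join matters in practice: the config names a hostname, but flow logs record the IP it resolved to at the time, and the same IP may later front a different host. Keying the match on the resolution observed on the wire rather than on a static lookup keeps the indicator tied to what the sample actually did.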
Targets
- Target: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe
- Size: 697KB
- MD5: db14f2e9db3e4b839252509e78632b34
- SHA1: 419343491f37ade3a01a2ba6dc5b5173c0c018c8
- SHA256: 743865a3decde771c192396442cfda3a2bf4778258842df286d952c2f6d974d2
- SHA512: e450fad300288a9707de8cce1601d565378f7260b6c805b2cc55d152f41bf09e5cf00ae6d8ef51d6fe15753abfcb4f69e83eb6760b63f3b4b8d1ee41107646be
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; the extracted config shows this sample uses the FTP channel.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext