General
Target: 384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352
Size: 536KB
Sample: 220520-2zkk4agcd7
MD5: 7b22501d55fa735ea4968daa6b9438cc
SHA1: f94083e952bfd2b748174fe5eee955d00ef08cd9
SHA256: 384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352
SHA512: 901baa432df7f70b13701018e98a327f9048c52e119e4a8d70bce7570b54abdb232cfa153ba7b7ab1d96c33fbc69edf346f4e9170a0a9cb624ceaff29f6fa78e
Static task
static1

Behavioral task
behavioral1
Sample: Urgent Inquiry (HEC RFQ).exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: Urgent Inquiry (HEC RFQ).exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: 71c7eb1f8ba

Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: 71c7eb1f8ba
Targets
Target: Urgent Inquiry (HEC RFQ).exe
Size: 656KB
MD5: 4dcf2260b10788856a41785081a38cb0
SHA1: 00baebd101ee9d01d934f9b1fb524a08289dfaac
SHA256: 651b7d097b570f7c0f182fb52c3d703fbaf3b80e189d8dea1d84e5971a5ea982
SHA512: 53186153f42319254031e51f3d98f2a002233c8989cfa5575fadd3236ce5f740b1219598d0aa02acda05254c7a46df541c1ee55ec99d098adb7485c5b691b341
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (Visual Basic .NET / C#). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted from this sample uses SMTP to mail.privateemail.com on port 587.

Signatures
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (reads stored mail account settings and credentials)
- Adds Run key to start application (autostart persistence through a CurrentVersion\Run value)
- Suspicious use of SetThreadContext (redirecting a thread's context is the usual final step of process hollowing, where a suspended process is made to run injected code)
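The three behavioural findings above map directly onto host telemetry. The following is an added example, not part of the sandbox report or of any vendor tool: it turns the findings into three checks over Sysmon-style events (a Run/RunOnce value set by a binary in a user-writable path, outbound SMTP from a process that is not a mail client, and a process handle carrying the rights hollowing needs). The field names follow Sysmon's schema, the events are constructed for the example using the report's file name and SMTP destination, and the path and allow-list heuristics are assumptions to tune per environment. "Accesses Microsoft Outlook profiles" has no rule here because Sysmon logs registry writes (events 12/13/14), not reads; catching that requires a sensor that records registry queries.

```python
"""Added example, not part of the sandbox report or of any vendor tool.

Turns the report's behavioural findings (Run key persistence, SMTP
exfiltration to mail.privateemail.com:587, SetThreadContext-style
injection) into three checks over Sysmon-style events. Field names
follow Sysmon's schema; the events below are constructed for the
example and the thresholds are assumptions to tune per environment."""
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\Urgent Inquiry (HEC RFQ).exe"

# Constructed Sysmon-style events (not captured telemetry).
SAMPLE_EVENTS = [
    # Event 13 (RegistryEvent): the sample sets an autostart value.
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1234567890-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Urgent Inquiry (HEC RFQ)"},
    # Event 3 (NetworkConnect): the sample contacts the server from the config.
    {"EventID": 3, "Image": SAMPLE,
     "DestinationHostname": "mail.privateemail.com", "DestinationPort": 587},
    # Event 10 (ProcessAccess): sample opens a .NET host with rights that
    # allow writing its memory and controlling its threads (hollowing precondition).
    {"EventID": 10, "SourceImage": SAMPLE,
     "TargetImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "GrantedAccess": "0x1FFFFF"},
    # Benign control cases that the rules must not flag.
    {"EventID": 3,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\Updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# Assumption: binaries launched from these paths are untrusted for persistence.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\Users\\|\\AppData\\|\\Temp\\|^[A-Z]:\\ProgramData\\", re.I)
MAIL_PORTS = {25, 465, 587}
# Assumption: allow-list of processes expected to speak SMTP; extend per estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME
HOLLOW_RIGHTS = 0x0002 | 0x0008 | 0x0020 | 0x0800


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def run_key_persistence(ev):
    """Run/RunOnce value set by a binary living in a user-writable path."""
    if ev.get("EventID") != 13 or not RUN_KEY.search(ev.get("TargetObject", "")):
        return None
    return ev["Image"] if USER_WRITABLE.search(ev["Image"]) else None


def smtp_egress(ev):
    """Outbound SMTP from anything that is not a known mail client."""
    if ev.get("EventID") != 3 or ev.get("DestinationPort") not in MAIL_PORTS:
        return None
    return ev["Image"] if image_name(ev["Image"]) not in MAIL_CLIENTS else None


def process_hollowing(ev):
    """Handle to another process granting every right hollowing needs."""
    if ev.get("EventID") != 10:
        return None
    rights = int(ev.get("GrantedAccess", "0"), 16)
    return ev["SourceImage"] if (rights & HOLLOW_RIGHTS) == HOLLOW_RIGHTS else None


RULES = {
    "run_key_persistence": run_key_persistence,
    "smtp_egress": smtp_egress,
    "process_hollowing": process_hollowing,
}


def triage(events):
    """Return (rule_name, offending_image) for every event a rule fires on."""
    findings = []
    for ev in events:
        for name, rule in RULES.items():
            image = rule(ev)
            if image:
                findings.append((name, image))
    return findings


if __name__ == "__main__":
    for name, image in triage(SAMPLE_EVENTS):
        print(f"{name:20s} {image}")
```

Run against the constructed events, all three rules fire on the sample and neither control case is flagged. The hollowing rule keys on the granted access mask rather than on the SetThreadContext call itself, because the call is not visible to Sysmon; a mask that includes PROCESS_VM_WRITE and PROCESS_SUSPEND_RESUME to a freshly created child is the observable precondition.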