General
-
Target
52830734adf47f51dd9bca225e856530177bfa441491eb86b925bc9634f00e23
-
Size
1.2MB
-
Sample
220520-3az5xsgee6
-
MD5
ff6ce1390d92154dff17415a89e71944
-
SHA1
ad45b49454a6acc231b004c7757354a79e8d4a32
-
SHA256
52830734adf47f51dd9bca225e856530177bfa441491eb86b925bc9634f00e23
-
SHA512
e247a32f70a9e6f12d66fdb69eb71fe0c0c522c9a111e1e3dd0b5fdb4f0988bc932d35012b22aff99c048e0d630135f433682fe13c3dd19e43762c4651ed52ed
Static task
static1
Behavioral task
behavioral1
Sample
ABB_RFQ_.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ABB_RFQ_.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.urban.co.th
Port: 587
Username: [email protected]
Password: Urban@1143
Targets
-
Target
ABB_RFQ_.EXE
-
Size
493KB
-
MD5
1d497edcc418d5eccc61592e812cc235
-
SHA1
b1231c2c9838b8fd8a6a02407450b3db38ce2c53
-
SHA256
a5bc29d5e6f55ba05f61fff45175d9864ee0b311ad45baf0cfd65c74666da14c
-
SHA512
20ce7a9c5396b7ea33171cff24c6790afd8e7d349c4515b2017c8827977f6426cc7075235b5af9b9137c1783008de87a2c3169dba3798f21a594cfc0d474fa71
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-