General
Target: f5d836c6ef6ce92e4881271d45d5b6c9b55eb8008f3115c68850876bfdbe69e3
Size: 367KB
Sample: 220520-3j5rrshad7
MD5: 094c8918acba7b038a4683f9e05c6874
SHA1: fdf387e881127309500d06e745c0b0e8304544c7
SHA256: f5d836c6ef6ce92e4881271d45d5b6c9b55eb8008f3115c68850876bfdbe69e3
SHA512: b6dcc068b85c049f8ad4a26d37c87fc83e31eae0596dfd0e3b100e75367e7f7052ef28211adce7117ba16280d96b7071a32030af5dce9dc3b042d568c27f75ab
Static task: static1
Behavioral task: behavioral1
Sample: RFQ#50-05272020.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ#50-05272020.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Targets
Target: RFQ#50-05272020.pdf.exe
Size: 533KB
MD5: 024bb13927861bf6581146b8ebc86de3
SHA1: 7e8ab0876948ce6bda4c93df7fc44aff4bf29646
SHA256: 33fafc21865d301586e6c0563fd5345b3c46f03bddea4e69dd4d2f72382d2aaa
SHA512: 123b127eb96db5d6e67d8c064ec3b042a176fd78cb53897783ede58008904bc64257a657be1817d47824d96329b4b8751c845a03e3f0c90208a3a7e25b41400f

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext