General
Target: f0ecbc7b267751a43f7db46ab1faa1fc29c834b2fd5224ba202f645afdeb3c46
Size: 790KB
Sample: 220520-3k2rhahag9
MD5: e68e78463bbcacd2da759f6b85047220
SHA1: d6cd5dc69938e0ffbe7c2b39ab0c5a20d450fa9c
SHA256: f0ecbc7b267751a43f7db46ab1faa1fc29c834b2fd5224ba202f645afdeb3c46
SHA512: 038f1d4157783e4766ba12f76f158adc2136ca475456b913a116318545563dde13a5aa4c4d386aafdb0f3c61fc97d68b322f4c0a9a9e6f783df504d1da95f61f
Static task: static1

Behavioral task: behavioral1
  Sample: Invitation to Bid Document.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: Invitation to Bid Document.exe
  Resource: win10v2004-20220414-en

Behavioral task: behavioral3
  Sample: RFQ Sinopec Refining Project.exe
  Resource: win7-20220414-en

Behavioral task: behavioral4
  Sample: RFQ Sinopec Refining Project.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.greenhornechem.com
  Port: 587
  Username: [email protected]
  Password: ^fpNyGmQa2
Targets

Target: Invitation to Bid Document.exe
Size: 587KB
MD5: 56c28a5e5db8741f23931e28b8a27a7b
SHA1: 355ede2c4f0cc58d4767ca3878b9ce52c3b46fa3
SHA256: 83eff9827c853adff940f77bff9e516f0ef9e5865f04d0e02572ee8b0051b720
SHA512: 421aa9339e69aa54eabeef9aad66f0462fc0059f06c694d76cef6685b242ab834e15161319f4c5f0c702deb2981987f806fd5d5a35b0b7158169539d98b9fccb
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext

Target: RFQ Sinopec Refining Project.exe
Size: 579KB
MD5: 4b22fb58751575aa519aae5e1ca8841c
SHA1: 36b679ba9fb83058600b0a5f12ac30dcce4c002c
SHA256: 3298b7890071ea9442142d9f030802b738664152a1f07fbabe629b72b0ea7b3d
SHA512: ec5cf1b523ed05dc40fb2070907260b781140c4f605fcc5fdc628829b0d9380bb87645e7e4a2e1b258ba950a1131757c4f34c7e53ae0ccd1013857581a1f622a
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext