General
Target: f4716584ceb8cb7e7146fc55f68d6f582d0ef8f204869d8f5cde6b19a96c1a44
Size: 642KB
Sample: 220520-3khcvsbhhn
MD5: fab5faeef9154fdc7324cb18c5c86667
SHA1: a76b2ca9111d4c157493191dd0e6228f48580e49
SHA256: f4716584ceb8cb7e7146fc55f68d6f582d0ef8f204869d8f5cde6b19a96c1a44
SHA512: 4dce0dd66e5734f5be6fe87b9b6fc35c0f6a900973c40bf2e71ca1658d901993147311ae732a22a77243130d0b5e707f7baaa1c6536e0f318c5ba87c37fdcdfc
Static task: static1
Behavioral task: behavioral1
Sample: Quotation,pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Quotation,pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: 111aaa
Targets
Target: Quotation,pdf.exe
Size: 580KB
MD5: fe0270dc1c0efebf998a7104993e5cca
SHA1: a7a96b19be0013c72f059fef9114b47fd4e340ef
SHA256: ff68eaa6d58205bb3474da47a16e02dc8f622c210abaa05318d460a1582ba883
SHA512: 906c5fee16749d4de88430a8e835f5fb6b65384a03cdffd0cf3f7f62245204f6e34d85259443bf25d591d9f1d39fa3ddcc41c7c61509bdc432923c10027c29ce
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext