General
-
Target
ed909a6f4c216cf34f87916768cd25084f9d76c986533e623b366da3cfbe2d95
-
Size
486KB
-
Sample
220520-3ll3facacp
-
MD5
d7f3522413352ddec90f59025c9cc627
-
SHA1
8e9e629a544a1b40092bc1d0d93f8f7478ccb63a
-
SHA256
ed909a6f4c216cf34f87916768cd25084f9d76c986533e623b366da3cfbe2d95
-
SHA512
91f1d6f0d8c426a22b98b5026fda26d3c8706a148da90ba2ce6c9450045de2c698f4ece845d7acdc8efd57230851159d1f69a21d8cd82418424c9bd271fa02ad
Static task
static1
Behavioral task
behavioral1
Sample
Quotation for MRS-KNRP-6842FT.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quotation for MRS-KNRP-6842FT.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: iykeraymond007
Targets
-
Target
Quotation for MRS-KNRP-6842FT.exe
-
Size
597KB
-
MD5
0e05ba054cfa9fc01062106ecb7be866
-
SHA1
f3c0fbaa86e07127ba64b8e4beed6e27b7420892
-
SHA256
960bd8c97556103ef59589637bd1c9384a6a0cb8f0b6fb2e8b60864068102064
-
SHA512
b9c8962ef8c66adcf4f0f089235f58086ec760612d740693cbff6d779ed4eedb09a6918d3cea5c4f21c5b12ee566d429688c7ce07114c96bf44c9be502a85fd4
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-