General
Target: ed11f13c0ec5c04613fbdc954eec80f9c3ca0b62ec94da92ace3d6ec98a34e43
Size: 491KB
Sample: 220520-3lptbshbb7
MD5: fa94b2fd76a15f24d8a991e4faafeca5
SHA1: 17605a9ee466e5a31f188a8a1af6b763f24dac9f
SHA256: ed11f13c0ec5c04613fbdc954eec80f9c3ca0b62ec94da92ace3d6ec98a34e43
SHA512: 053a507672906f22532875ca9f5fb0c14a406fbbaa346d9f8441fee9efc0f9d2a28df12cdd0f7c6d97ec53a7deaabd823e2745078a759e39c334406c1e58d8b7
Static task: static1

Behavioral task: behavioral1
Sample: RFQ REF R2100131410.pdf.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: RFQ REF R2100131410.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: sOeKk#E6
Targets
Target: RFQ REF R2100131410.pdf.exe
Size: 609KB
MD5: 56a28ee77b6d112ac1d2e6e6dca262e1
SHA1: a57a6582e50d10d2320b9334cf9b8dc5f3876f6e
SHA256: a1ae3cae3a7b93cf6120c02c769ba0779bc367f892e0aebc5809b7ec936e1c0f
SHA512: e15e99434aa9a7ee2c4e95e7c8fb43b556635f278dd29d0513773ddb6759500a96cadae528ea3f83db6c5287f469e8a97158aad4f5bd1c7c0bdd837a40ea2818
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext