General
Target: e5d3293bb885009c8f6691eb9a45d4c7f6c4869f5e4f0f196dc519bb9f39472b
Size: 645KB
Sample: 220520-3mttnshbe9
MD5: 2ed8e27a8d936e6b27f3b0854df533d9
SHA1: 2a502329ae11fcf863142f33bc209ccff08716c0
SHA256: e5d3293bb885009c8f6691eb9a45d4c7f6c4869f5e4f0f196dc519bb9f39472b
SHA512: aa0d4de3d45dbee5f26c4ac462d721a6d271ec2a6c7a51e10ef9fb8d83110e28d6d49bd585862817acff8204665ba0fb280daf60e902a49ac63f0e3501312131

Static task: static1

Behavioral task: behavioral1
Sample: REQUEST FOR QUOTATION.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: REQUEST FOR QUOTATION.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: challenge12345@
Targets
Target: REQUEST FOR QUOTATION.exe
Size: 885KB
MD5: 380dccf3e217737abd694fb7ae9221e9
SHA1: 5884af1454d84b531951b9e69ddf51611804bb13
SHA256: fb42ce632ff111ef24eebae3f336e0e04b8602dd621e2886a22ce0870ce287c4
SHA512: 458604779b2497c0b7bcfdd7f1ee3111e9fef3201c0a3a8bd8bf9039fea6cf7f13f7280a2d4775432fef3a29e6ca6ecbd505427b522644bfe65818a3d26fc2e5
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (early builds in VB.NET, later ones in C#). It harvests saved credentials from browsers, mail and FTP clients and sends them out over SMTP, FTP or HTTP; the configuration extracted from this sample uses SMTP exfiltration through smtp.yandex.com on port 587 with the credentials listed under Malware Config.
AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
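As an added example (not part of the sandbox report and not the sandbox vendor's own signature code), the Python below shows detection logic for two of the behaviours flagged above, run over constructed log lines: a check for Run/RunOnce values that point into user-writable directories, and the process-hollowing sequence (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread) that usually underlies a "Suspicious use of SetThreadContext" hit, while a lone SetThreadContext, as debuggers and some legitimate software issue, is left alone. It also includes a hash check so a local file can be confirmed to be the object the report describes before its hashes are used as indicators. The trace format, process IDs, image paths and registry values are assumptions for the example, not data from the report.

```python
"""Added example, not from the sandbox report: behaviour checks over
constructed trace data plus a hash check against report hashes."""
import hashlib
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Constructed API trace in an assumed "<pid> <Api>(<key>=<value>, ...)" format.
# pid 1234 performs classic RunPE hollowing; pid 5678 only touches a thread
# context, which on its own is not evidence of injection.
SAMPLE_TRACE = """\
1234 CreateProcessW(lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", dwCreationFlags=0x4, dwProcessId=2000)
1234 NtUnmapViewOfSection(ProcessHandle=0x1e4)
1234 VirtualAllocEx(hProcess=0x1e4, lpAddress=0x400000, flProtect=0x40)
1234 WriteProcessMemory(hProcess=0x1e4, lpBaseAddress=0x400000, nSize=0x9c000)
1234 SetThreadContext(hThread=0x1f8, Eax=0x4a12b0)
1234 ResumeThread(hThread=0x1f8)
5678 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\notepad.exe", dwCreationFlags=0x0, dwProcessId=2100)
5678 GetThreadContext(hThread=0x200)
5678 SetThreadContext(hThread=0x200)
"""

# Constructed registry writes: (pid, key, value name, data).
SAMPLE_REGISTRY = [
    (1234, r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "xVhKsq", r"C:\Users\user\AppData\Roaming\xVhKsq\xVhKsq.exe"),
    (4321, r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
     "SecurityHealth", r"C:\Program Files\Windows Defender\MSASCuiL.exe"),
    (1234, r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "ShellState", "..."),
]

LINE_RE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s*$')
ARG_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]+)')


def parse_trace(text):
    """Turn trace lines into (pid, api, {arg: value}) tuples; skip junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, api, argstr = m.groups()
        args = {k: v.strip().strip('"') for k, v in ARG_RE.findall(argstr)}
        events.append((int(pid), api, args))
    return events


HOLLOW_STAGES = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def detect_process_hollowing(events):
    """Return {pid: hollowed image} for processes that create a suspended child,
    write into it, redirect its thread and resume it, in that order."""
    progress = defaultdict(int)
    target, hits = {}, {}
    for pid, api, args in events:
        stage = progress[pid]
        want = HOLLOW_STAGES[stage] if stage < len(HOLLOW_STAGES) else None
        if stage == 0 and api.startswith("CreateProcess"):
            if int(args.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
                target[pid] = args.get("lpApplicationName", "?")
                progress[pid] = 1
        elif want and api == want:
            progress[pid] += 1
            if progress[pid] == len(HOLLOW_STAGES):
                hits[pid] = target[pid]
    return hits


RUN_KEY_RE = re.compile(r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def detect_run_key_persistence(reg_events):
    """Flag Run/RunOnce values whose target binary sits in a user-writable path."""
    hits = []
    for pid, key, name, data in reg_events:
        if RUN_KEY_RE.search(key) and any(tok in data.lower() for tok in USER_WRITABLE):
            hits.append((pid, name, data))
    return hits


def hashes_of(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, expected):
    """True only if every hash given in `expected` matches the local bytes."""
    actual = hashes_of(data)
    return all(actual[alg] == digest.lower() for alg, digest in expected.items())


if __name__ == "__main__":
    print(detect_process_hollowing(parse_trace(SAMPLE_TRACE)))
    print(detect_run_key_persistence(SAMPLE_REGISTRY))
```

To check a local copy of the sample, read its bytes and pass the MD5/SHA1/SHA256 values from the Targets section to matches_report; a mismatch means the file on hand is not the 885KB executable the behavioural tasks ran, and its indicators should not be reused.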