General
-
Target
d29d57047a3f99e5f7eb81a19c29d11fa5f768dbcb30601a6c05b7e8d259c51e
-
Size
572KB
-
Sample
220520-3rsgeahdd9
-
MD5
f84a6bf112f56b22e02626dec381b291
-
SHA1
0f76e45236c9af65df5e2211e0fec4592401dcfd
-
SHA256
d29d57047a3f99e5f7eb81a19c29d11fa5f768dbcb30601a6c05b7e8d259c51e
-
SHA512
1d867ce50ce7a01ca59fe5b4b6a9a278c45caeb212848a4531af9709dd2aa3d2bce64d97a8d20be4a3eca8482d45d3b9ffd0be7f0299d0b67fe0fcb4cf49175c
Static task
static1
Behavioral task
behavioral1
Sample
RMK TRADING LTD CATALOGUE 012_PDF .exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RMK TRADING LTD CATALOGUE 012_PDF .exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://trend.fischer-landmaschinen.me/
Port: 21
Username: [email protected]
Password: troopss@@
Targets
-
-
Target
RMK TRADING LTD CATALOGUE 012_PDF .exe
-
Size
511KB
-
MD5
081b3b925c356262788a067306c6c995
-
SHA1
02b588121e3a2887bf10267232cbfc7e838cd28a
-
SHA256
eb01b3b824c13f4703f9cb5e981496560de476c1a901ea3b04abec64996a6074
-
SHA512
5138ab751aaab16d20cb5da8074852b0e7e7e0339ac530fb8023e83e383bc8a5d9593eea7af8277e5f66ecbd6ebef22916b25f63703f88bb6001283fd3559fcc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-