General
Target: 7cbef094aae68414fdd873332597340be798f187d1c33c10df9598c8d5197dcb
Size: 419KB
Sample: 220521-akhpeadcdm
MD5: 4679642eed17c96afca5015c41505088
SHA1: 8c39bd50b2ce79c4c62868c494bb21473347c91f
SHA256: 7cbef094aae68414fdd873332597340be798f187d1c33c10df9598c8d5197dcb
SHA512: bbbe1717bfeae8c00dd6225f89f9913b607894d3eda740bc397871475e115420193118ed4708348f6e43fc793b4e0e9130e6b99bec05f87b6ee7be4acb07f8f8
Static task: static1
Behavioral task: behavioral1
  Sample: Urgent RFQ -MR-002.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Urgent RFQ -MR-002.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: ckali231
Targets
Target: Urgent RFQ -MR-002.exe
Size: 748KB
MD5: 296358935c929c2eec83a1d45bcdf7fc
SHA1: 2a13120aac47dda49a3b1721503bb8cd261cfd89
SHA256: fa6093150da69da8d7e10fc94dbff851ea8c56ae75b0ee9122cfd0f03bad07b3
SHA512: 4dad91002128d9daec15db6110f3cb38d20875fc8e4f3e455c5bb845f89cec2876970ba2bb8f4b13d58fb87c90aa60fab7d798eeb2105ea8de35128136a4a38d
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext