General
Target: 6eeb0d386fc110cb6ae44e66db6886c1645e2268267a1f28533754d8e7ce3d9d
Size: 506KB
Sample: 220521-am6t1saec2
MD5: 46fbe1a2448829cd84d250772623476c
SHA1: 537e9791a422820fff4a8a8c0c6a74c8af985e66
SHA256: 6eeb0d386fc110cb6ae44e66db6886c1645e2268267a1f28533754d8e7ce3d9d
SHA512: 2d85c1d9ed717a4166da399a0b88a07e8903fdc4775b2e8b54e1544433011c551281b0c1f7c601826a0e3e1f12deba1e844f0de03eb31911c37747d470ae3159
Note: these are the hashes and size of the file as submitted. The target the sandbox actually executed (RFQ Bag 6.24.20.pdf.exe, listed under Targets below) has different hashes and a different size, so when matching against threat intelligence check both sets.
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ Bag 6.24.20.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ Bag 6.24.20.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla (the same configuration was recovered twice)
Protocol: smtp
Host: bh-58.webhostbox.net
Port: 587
Username: [email protected] (address obfuscated in the page as captured)
Password: 7213575aceACE@#$
These are the operator's SMTP submission credentials, not victim data: in SMTP mode AgentTesla logs in to this mailbox on port 587 and sends harvested credentials and keystrokes out as e-mail. Treat the host, the account and outbound SMTP from a non-mail process as exfiltration indicators.
Targets
Target: RFQ Bag 6.24.20.pdf.exe
Size: 725KB
MD5: aa328325ffd6eb33df17a33b37c545b8
SHA1: e8f1a324c26a6ee38a51e7fde77453988c8fb982
SHA256: 63df2602ff2676e438e25c4544562736eb3c4da856280600d7790edcd0478914
SHA512: ae2dfae89589ff9487b4f1f9cbcada648681f2be3123389e5da8baf37bbe69bf041e78b3df8acc547b30567394f8c1c7b9d9f4959584c0e01253c477a5f135ca
The file name uses a double extension and a request-for-quotation lure: with the Windows default of hiding known extensions it displays as "RFQ Bag 6.24.20.pdf" while being an executable.
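The following Python is an added example, not part of the sandbox report or of any sandbox tool. It parses the flattened "Key: value - Key: value" configuration block exactly as the report prints it (the parser handles any AgentTesla SMTP config laid out that way, not only this one), compares a file on disk against the report's MD5/SHA-1/SHA-256 values for both the submission and the target, and flags Sysmon-style network-connection records that match the exfiltration endpoint. The hashes and the config text are copied from the report; the function names, the MAIL_CLIENTS allowlist and the SAMPLE_EVENTS records are this example's own assumptions and constructed data.

```python
"""Parse the AgentTesla SMTP config from the report above, check files against
the report's hashes, and flag Sysmon-style network events matching the config.
Added example, not from the report or any sandbox tool. REPORT_CONFIG and
REPORT_HASHES are copied from the report; everything else is constructed here."""
import hashlib
import re
import sys

# The extracted config exactly as the report flattens it ("smtp- Host:" run-on included).
REPORT_CONFIG = """Protocol: smtp- Host:
bh-58.webhostbox.net - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$"""

# Report hashes for the submitted file and for the target the sandbox executed
# (the report's SHA-512 values work the same way if added to these dicts).
REPORT_HASHES = {
    "submission": {
        "md5": "46fbe1a2448829cd84d250772623476c",
        "sha1": "537e9791a422820fff4a8a8c0c6a74c8af985e66",
        "sha256": "6eeb0d386fc110cb6ae44e66db6886c1645e2268267a1f28533754d8e7ce3d9d",
    },
    "RFQ Bag 6.24.20.pdf.exe": {
        "md5": "aa328325ffd6eb33df17a33b37c545b8",
        "sha1": "e8f1a324c26a6ee38a51e7fde77453988c8fb982",
        "sha256": "63df2602ff2676e438e25c4544562736eb3c4da856280600d7790edcd0478914",
    },
}

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
# Assumed allowlist: processes expected to speak SMTP submission on an endpoint.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon event ID 3 (network connection) records; RFC 5737 test addresses.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\victim\Downloads\RFQ Bag 6.24.20.pdf.exe",
     "DestinationHostname": "bh-58.webhostbox.net", "DestinationIp": "203.0.113.10",
     "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationIp": "198.51.100.20",
     "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "example.com", "DestinationIp": "198.51.100.30",
     "DestinationPort": 443},
]

def parse_extracted_config(text):
    """Turn the report's run-together 'Key: value - Key: value' block into a dict.
    Splitting on the known field labels rather than on '-' keeps values such as
    'bh-58.webhostbox.net' and the password intact; only the trailing ' -'
    separator is removed, so a password that itself ends in '-' would lose it."""
    flat = " ".join(text.split())
    parts = re.split("(" + "|".join(FIELDS) + "):", flat)
    # parts[0] is text before the first label; then alternating label, value.
    cfg = {key.lower(): raw.strip().rstrip("-").strip()
           for key, raw in zip(parts[1::2], parts[2::2])}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg

def file_hashes(path):
    """MD5, SHA-1 and SHA-256 of a file, computed in a single pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_report(actual, report=REPORT_HASHES):
    """Names of report entries whose every listed hash equals the computed ones."""
    return [name for name, expected in report.items()
            if all(actual.get(alg) == digest.lower() for alg, digest in expected.items())]

def flag_smtp_exfil(events, cfg):
    """Return (process, destination, port) for events consistent with the config:
    any connection to the configured exfiltration host, or SMTP submission
    (25/465/587) from a process that is not a known mail client."""
    hits = []
    for ev in events:
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        dest = ev.get("DestinationHostname") or ev.get("DestinationIp", "")
        port = ev["DestinationPort"]
        to_exfil_host = dest.lower() == cfg["host"].lower()
        odd_smtp = port in (25, 465, 587) and image not in MAIL_CLIENTS
        if to_exfil_host or odd_smtp:
            hits.append((image, dest, port))
    return hits

if __name__ == "__main__":
    config = parse_extracted_config(REPORT_CONFIG)
    print(f"exfil endpoint: {config['host']}:{config['port']} ({config['protocol']})")
    for hit in flag_smtp_exfil(SAMPLE_EVENTS, config):
        print("suspicious SMTP connection:", hit)
    for sample_path in sys.argv[1:]:   # optional: files to compare against the report
        print(sample_path, "->", match_report(file_hashes(sample_path)) or "no match")
```

Run it with no arguments to see the parsed endpoint and the flagged constructed event, or pass file paths to learn which report entry (submission or target) each one matches. The SMTP check deliberately fires on the port as well as the host, because the same AgentTesla build is often redeployed with a different mailbox while the "non-mail process talking SMTP submission" pattern stays constant.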
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer: it harvests saved credentials from browsers, mail clients and other applications, logs keystrokes, and exfiltrates the data over SMTP, FTP or HTTP.
AgentTesla Payload
Accesses Microsoft Outlook profiles: the sample reads Outlook profile settings from the registry, where account server, user name and stored password data live. This is credential harvesting, not mail reading.
Adds Run key to start application: a Run registry key is written so the payload is launched again at logon (persistence).
Suspicious use of SetThreadContext: setting the context of another process's thread is the step that redirects a suspended process to injected code (process hollowing). It is consistent with the loader injecting the AgentTesla payload into another process instead of running it directly, so the process that connects to the SMTP host may not be RFQ Bag 6.24.20.pdf.exe itself.