General
- Target: 3c9a0132db88f6bda4a9d7de976fc523aa2e95aba453cb8e5faed8342c75b101
- Size: 494KB
- Sample: 220521-azj6saeadk
- MD5: b120f127153c0d8e90ae3b08a9725990
- SHA1: e78bb933363c741cd19d9c997ed96e35d5c16e00
- SHA256: 3c9a0132db88f6bda4a9d7de976fc523aa2e95aba453cb8e5faed8342c75b101
- SHA512: 91f081da029fad475f2c80b8c85a5c373f04e83579d0b7c01dc94c037169d52238b8337ec8f3f90f73670414932ea0370b106414acd7efcdc68efb5713981b57
Static task
- static1
Behavioral task
- behavioral1
- Sample: REQUEST FOR QUOTATION BRAZIL PAVELLION PROJECT.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: REQUEST FOR QUOTATION BRAZIL PAVELLION PROJECT.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: challenge12345@
Targets
- Target: REQUEST FOR QUOTATION BRAZIL PAVELLION PROJECT.exe
- Size: 609KB
- MD5: 0fba01b7102be2d8bdb1adc81865fea7
- SHA1: 16f9595048a35c76385b3ce035ab0b822a7afd42
- SHA256: 5d07514a0cb1e180c128adeb2cde69964604ea02b532926ea864f064f701b2dc
- SHA512: 5cbc79c9613b5a3e4155643d3ab1f8f7610a01e7bdc885c1291810064f8cc6d1cc6504c2dea71072a2295f6490402116cfdd4a90557af181d96fe89a2025438d
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext