General
Target: 348fed5cc56ec419bab57b4c3cf6cd64c8c2100b9a2d33d822b552f36acf5a9b
Size: 499KB
Sample: 220521-b4hn7agadp
MD5: e39731ecbfe3b65d2f5edabb9a6d4f89
SHA1: 35752b1e5faf85985647f5964cc2cbcba7627ede
SHA256: 348fed5cc56ec419bab57b4c3cf6cd64c8c2100b9a2d33d822b552f36acf5a9b
SHA512: aa6aa6654a2302656bf28b5f42f41fb0ee97613e8e8fb34d0e0d0762b0cbf6032b4ef1524373ccf5362407b15dc8b48ae4a4dbbe67c1622d1bfde2bddd2439a4
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry RFQ 33307.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Inquiry RFQ 33307.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ikrrispharmanetwork.com
Port: 587
Username: [email protected]
Password: Q5Ab{kp_p0?a
Targets
Target: Inquiry RFQ 33307.exe
Size: 843KB
MD5: 77a805f8f52ca2ce8865e0b39cd3d9ab
SHA1: 7994710126438452afa09cf5ccaee14294c00f15
SHA256: d55a82ddece8372f6c66dd91b8a02160bdd3a3e34f8df09bcbb44a40c6893827
SHA512: 4e0a3fe2cb2a3e0093fc277d6a7731eaf897da0fe0c9c00fcf7906c56b428be70aa543304f260c687fa4337f57ca47a6ee25f70e7202ddce83db8b04d57e8056

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext