General
- Target: 648df7b486ed0abf84c922839628e281c8ce3a3db87e6e5cbeb2b526e413448c
- Size: 406KB
- Sample: 220521-bay43sbfb4
- MD5: 5ee452187714097e0afd3f7bca42fe23
- SHA1: 7e236e881572faf06a9d789b3b26552cd9869798
- SHA256: 648df7b486ed0abf84c922839628e281c8ce3a3db87e6e5cbeb2b526e413448c
- SHA512: 294358592249fbf29d16aeff4b93e62fe0c91ddffd3afc50783127bb08ec2c939ebcdce4c283b6f4cfa44d265b20cb4256ee3abe2020507c23dff96e3f04e9ae
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Quote-DOC-20200806-55839.pdf.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: Quote-DOC-20200806-55839.pdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Sages101*
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: Sages101*
Targets
- Target: Quote-DOC-20200806-55839.pdf.exe
- Size: 476KB
- MD5: be225ec01cc3c8f2d7b840a9c20a6a56
- SHA1: 43582a2fdd53ff41ee143defb4fe519d07740b3e
- SHA256: 7662b95c8a34a134787fc3242b8b82059416f582103965a8da7457769e2739f1
- SHA512: 3e1032a471469a7f3f6243268ecf94a2ca38d7ea4bbefadf6b5f960142158e581f148318a19e6d6420fab94a971bd19e62dd5d2b14ba6479fe74ae6f4c6c35df
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext