General
Target: 7fd0b339ba2848308a68af071d8b825d10deda1a7da6c40329a79173ff86f4fc
Size: 432KB
Sample: 220521-bjndyaehhm
MD5: c3c8a73b071e12ab091b5cba6f6368c4
SHA1: 48873f074c5f8fa66574f4068fbb9be4b4b30072
SHA256: 7fd0b339ba2848308a68af071d8b825d10deda1a7da6c40329a79173ff86f4fc
SHA512: 2141fdafc983b24b43aafc0b90985aab9048bad9c0ade613855ce087f5ef27901d7474038b1547f56ae69ead9cad314eb7405a48da2315477fbb44791b0ba11f
Static task: static1
Behavioral task: behavioral1
  Sample: Rv Quotation_Request_Sheet.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Rv Quotation_Request_Sheet.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: nnedimma080
Targets
Target: Rv Quotation_Request_Sheet.pdf.bat
Size: 654KB
MD5: 18eedad20bcf509f489bfca8831ab3bf
SHA1: f3369a6864cf4f53376096c2faaebb8bda802126
SHA256: b43942a6c8b89e2696abecd55fc787b54c53ae4fb89c7784b4c54cc5e99c30ef
SHA512: 10356dbc2ddc5b630142262e681792091eaae102c039eab67fbe707c429b6046a1e3bf12f92ebb2f22a5277a428e0a405b048ebafa735ff2ba909ff412d7299e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext