General
- Target: 34bcf90ffa1f2ab93a15141dbe3fb009dfb862e9037a53749ea1193868bdf616
- Size: 444KB
- Sample: 220521-bjqt3abhf9
- MD5: f21006618e68630fa3e1af5af3c797c9
- SHA1: a3d2c546f8eda45f0f3749549ade837a2428ae1a
- SHA256: 34bcf90ffa1f2ab93a15141dbe3fb009dfb862e9037a53749ea1193868bdf616
- SHA512: e02b5110d5b0263d74a7cd57afecc2a0ba8bed41f7f3ddeadf33732cb99d0b1724a68fde8460d4ea429e8fa2495052a0669c1dcf2d37670f097492001ad54bc7
Static task: static1
Behavioral task: behavioral1
- Sample: Request for Quotation - (146-22101100).exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Request for Quotation - (146-22101100).exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla), identical in both behavioral tasks:
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: hygiene@789
Targets
Target: Request for Quotation - (146-22101100).exe
- Size: 676KB
- MD5: 6fe9e9e0ed7ef34a25022f6c00008517
- SHA1: bb1ac7ae84c34fa9b1a92456de7136bdc9ae9d68
- SHA256: bb94a881c3aa20c54450ee7d907eae152aa667a7a3280f7b00b44051d92322f5
- SHA512: a1df6a91b2ef43bd4038f69a807587b4953bdc353e13f13925f18fb733431fed81a2a1d25d738a4c578c35fcd5346664b68160ba5a4ebd8b5613dc5e9a0b99b1
- AgentTesla: Agent Tesla is a .NET (Visual Basic) remote access tool (RAT) and credential stealer; the extracted config shows this sample exfiltrates over SMTP to smtp.yandex.ru:587 with the credentials listed under Malware Config.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (Outlook profile data in the registry holds saved mail-account credentials, a routine theft target for this family)
- Suspicious use of SetThreadContext (an API commonly used to redirect a suspended process's thread into injected code, as in process hollowing)
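The hashes in the General and Targets sections and the SMTP endpoint in the Malware Config are the actionable indicators from this report. The following is an added example, not part of the sandbox report, that turns them into two checks: a hash match against the listed MD5/SHA1/SHA256 values, and a network-telemetry check that flags any process other than an allow-listed mail client connecting to smtp.yandex.ru on port 587. The Sysmon-style log layout, the sample log lines and the MAIL_CLIENTS allowlist are constructed assumptions for the demonstration.

```python
import hashlib
import re

# Indicators copied from the sandbox report above: the 444KB container and the
# dropped "Request for Quotation - (146-22101100).exe".
IOC_HASHES = {
    "md5": {
        "f21006618e68630fa3e1af5af3c797c9",
        "6fe9e9e0ed7ef34a25022f6c00008517",
    },
    "sha1": {
        "a3d2c546f8eda45f0f3749549ade837a2428ae1a",
        "bb1ac7ae84c34fa9b1a92456de7136bdc9ae9d68",
    },
    "sha256": {
        "34bcf90ffa1f2ab93a15141dbe3fb009dfb862e9037a53749ea1193868bdf616",
        "bb94a881c3aa20c54450ee7d907eae152aa667a7a3280f7b00b44051d92322f5",
    },
}

# Exfiltration endpoint from the extracted agenttesla config (SMTP submission port).
EXFIL_HOST = "smtp.yandex.ru"
EXFIL_PORT = 587

# Assumption: processes that may legitimately talk SMTP to this host. Tune per
# estate; anything else reaching the exfil endpoint is treated as suspicious.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def digest_bytes(data):
    """Return md5/sha1/sha256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(digests):
    """Return the algorithms whose digest is in the report's IOC set."""
    return sorted(algo for algo, value in digests.items()
                  if value.lower() in IOC_HASHES.get(algo, set()))


def match_bytes(data):
    """Hash an in-memory file and match it against the IOC set."""
    return match_digests(digest_bytes(data))


def match_file(path):
    """Hash a file on disk and match it against the IOC set."""
    with open(path, "rb") as fh:
        return match_bytes(fh.read())


# Sysmon Event ID 3 style fields flattened onto one line. This layout is a
# constructed approximation for the example, not real telemetry.
LOG_RE = re.compile(
    r"Image: (?P<image>.+?) Protocol: \S+ "
    r"DestinationHostname: (?P<host>\S+) DestinationPort: (?P<port>\d+)"
)


def flag_exfil(lines):
    """Return (process, host, port) for every connection to the exfil endpoint
    made by anything other than an allow-listed mail client."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        image = m.group("image").rsplit("\\", 1)[-1].lower()
        host = m.group("host").lower()
        port = int(m.group("port"))
        if host == EXFIL_HOST and port == EXFIL_PORT and image not in MAIL_CLIENTS:
            hits.append((image, host, port))
    return hits


# Constructed sample log lines for the demo (not from the sandbox run).
SAMPLE_LOG = [
    "Image: C:\\Users\\victim\\AppData\\Local\\Temp\\Request for Quotation - (146-22101100).exe "
    "Protocol: tcp DestinationHostname: smtp.yandex.ru DestinationPort: 587",
    "Image: C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE "
    "Protocol: tcp DestinationHostname: smtp.yandex.ru DestinationPort: 587",
    "Image: C:\\Windows\\System32\\svchost.exe "
    "Protocol: tcp DestinationHostname: login.live.com DestinationPort: 443",
]

if __name__ == "__main__":
    print(match_bytes(b"benign placeholder bytes"))  # [] : not in the IOC set
    print(flag_exfil(SAMPLE_LOG))  # only the dropped executable is flagged
```

The hash check is exact-match only, so a repacked build of the same payload will not hit; the network check is the more durable of the two because the SMTP credentials and host are baked into the binary's config and tend to survive repacking. Port 587 to a public mail provider from a process that is not a mail client is worth alerting on regardless of this sample.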