General
-
Target
46cd5635bac840ab5baa76e7ad569d305291d86adf9f6c79f2b8a9d84b12f29e
-
Size
412KB
-
Sample
220521-bknfbsfadm
-
MD5
15ae21a4cb7884d10bc8165ba418bf4b
-
SHA1
65838ee7342719a52dcec9969311a63f07b22b34
-
SHA256
46cd5635bac840ab5baa76e7ad569d305291d86adf9f6c79f2b8a9d84b12f29e
-
SHA512
74038cdf981b864316c2eb4f8901c8bbf91d058044f1bf0ec08aa19ac59124ccdc565b394300b4daea013b7c2e262d5f9bc8c100755b1871693285d7290add28
Static task
static1
Behavioral task
behavioral1
Sample
RFQ- Msasa installation Urgent.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ- Msasa installation Urgent.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.desmaindian.com
Port: 587
Username: [email protected]
Password: !hTnTvF5
Targets
-
-
Target
RFQ- Msasa installation Urgent.exe
-
Size
772KB
-
MD5
0affebfbb3319cb615ccf524a0e1e8ed
-
SHA1
74e8371aff5a59b95f2d13b9390dca0bc34f395e
-
SHA256
58df4d2cea8c94b519a4ef3b44a26236a318202a7f651fc8bf2fb65cf75942e8
-
SHA512
60c39e3e81284344159604c3893dfd1e30a43b34026978b4cf079d0a52d323e520c8743f8b998e071c5ba92f39acd74597fea668d4a5c2b941e550568963c754
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-