General
Target: a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94
Size: 324KB
Sample: 220521-blfrwafafr
MD5: 9719b80c133b0824d0377c973190e637
SHA1: ddf40df249dfba3ef0cecff15e92d8c6b78032ac
SHA256: a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94
SHA512: 17f11b2cb472cd8d704413ef0b3eda56c24755826d489598cdfd9d4d1fbd4149cb2f688c1395783154f145fce1555f2601d65c1cb8b5e2a274d575429f08234c
Static task: static1
Behavioral task: behavioral1
Sample: RFQ_ITT 30-2020.pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.apipharrnatech.com
Port: 587
Username: [email protected] (obfuscated on the source page)
Password: BlFM)d_p2D{K
These are the credentials the sample uses to mail harvested data to the operator's mailbox over SMTP submission (port 587); the host is an exfiltration indicator, not a C2 that issues commands.
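The extracted config above is what an analyst turns into blocking and detection artefacts, and the hashes in this report are what a local copy of the sample should be checked against before any further work. The following is an added Python example (not tooling from the sandbox vendor or from the report) that parses the config block exactly as the page flattens it, derives indicators from it, and verifies a byte string against the report's hashes. The Suricata rule text and the function names are this example's own; the obfuscated username is kept verbatim and flagged rather than guessed.

```python
"""Triage helpers for an AgentTesla sandbox report: parse the flattened
SMTP exfiltration config and verify a local sample against the report's
hashes.  Added example, not code from the sandbox vendor."""
import hashlib
import re
from dataclasses import dataclass

# Constructed copy of the config text exactly as the report page flattens it
# (the username is obfuscated on the page; it is kept verbatim, not guessed).
RAW_CONFIG = (
    "Protocol: smtp- Host:\n"
    "mail.apipharrnatech.com - Port:\n"
    "587 - Username:\n"
    "[email protected] - Password:\n"
    "BlFM)d_p2D{K"
)

# Hashes for RFQ_ITT 30-2020.pdf.exe as listed in the report.
REPORT_HASHES = {
    "md5": "2857e40a8d328c591b1ce60a864af646",
    "sha1": "f41405988bf66bbf5c60a4c735fcf2d9949fae2a",
    "sha256": "18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c",
}

# "Key: value" pairs separated by " - " (or "- ") in the flattened text.
# The value is taken lazily up to the next "- Key:" or end of string, so a
# password containing "-" is safe unless it literally contains "- Word:".
_FIELD_RE = re.compile(r"([A-Za-z]+):\s*(.*?)(?=\s*-\s+[A-Za-z]+:|$)")


@dataclass
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str

    def username_redacted(self) -> bool:
        # Cloudflare-style email obfuscation leaves this literal on scraped pages.
        return self.username.lower() == "[email protected]"


def parse_flattened_config(text: str) -> SmtpExfilConfig:
    """Parse the report's flattened 'Protocol: ... - Host: ...' block."""
    flat = " ".join(line.strip() for line in text.splitlines())
    fields = {k.lower(): v.strip() for k, v in _FIELD_RE.findall(flat)}
    missing = {"protocol", "host", "port", "username", "password"} - set(fields)
    if missing:
        raise ValueError(f"config is missing fields: {sorted(missing)}")
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def indicators(cfg: SmtpExfilConfig, sid: int = 9000001) -> dict:
    """Blocking/detection artefacts derived from the exfil config.

    The DNS rule keys on the lookup of the mail host: on port 587 the session
    is normally upgraded with STARTTLS, so the credentials are not expected in
    the clear on the wire.  Hypothetical rule text, not a vendor signature.
    """
    dns_rule = (
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host '
        f'{cfg.host}"; dns.query; content:"{cfg.host}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )
    return {
        "domain": cfg.host,
        "socket": f"{cfg.host}:{cfg.port}",
        "suricata_dns": dns_rule,
        # The mailbox is the operator's; only report it if the page preserved it.
        "mailbox": None if cfg.username_redacted() else cfg.username,
    }


def hash_digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, lowercase hex."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every hash the report lists matches the local bytes."""
    got = hash_digests(data)
    return all(got[name] == value.lower() for name, value in expected.items())


if __name__ == "__main__":
    cfg = parse_flattened_config(RAW_CONFIG)
    for key, value in indicators(cfg).items():
        print(f"{key}: {value}")
    # To verify a local copy of the sample against the report:
    # print(matches_report(open("RFQ_ITT 30-2020.pdf.exe", "rb").read()))
```

Run it as a script to print the derived indicators; `matches_report` refuses a partial match, so a file that agrees on MD5 but not SHA-256 is still rejected.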
Targets
Target: RFQ_ITT 30-2020.pdf.exe
Size: 365KB
MD5: 2857e40a8d328c591b1ce60a864af646
SHA1: f41405988bf66bbf5c60a4c735fcf2d9949fae2a
SHA256: 18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c
SHA512: e2de483b24c09c6c42f315992401852cf3d8439ed8ae2c1860e25116e4e00b7a5c9b4849a6d8714833b79b2b1cead465e3a67552f99ac3c4d28025cc093d94a8
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that changes behaviour by victim locale.
Accesses Microsoft Outlook profiles
Reads stored Outlook account settings, a common source of the mail credentials this family steals.
Suspicious use of SetThreadContext
Consistent with process injection (hollowing): the payload is placed in a suspended process and its thread context rewritten to start there.