General
Target: 15b121c6bc9422913028b027e5c489a59072561a8085a444b1ccc600d13dac7d
Size: 377KB
Sample: 220521-bx6sfacfe4
MD5: cd12f69e5c3738f9681a642c74f6678e
SHA1: 3a2e5396a72d11eb3b39013f66f1e6d7bf2cf85d
SHA256: 15b121c6bc9422913028b027e5c489a59072561a8085a444b1ccc600d13dac7d
SHA512: a1184740ea494a77ac8f964eb58095995e8d8aa6643bdc512b7629970409031cbe708c24406dadfc091e3817d49b5ee89f3978706bd18ea5d76ba01cb8e1e847
Static task: static1
Behavioral task: behavioral1
Sample: RFQ FOR JULY ORDER.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ FOR JULY ORDER.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: smart123456smart
Targets
Target: RFQ FOR JULY ORDER.exe
Size: 468KB
MD5: f18bd14e8cdc7139806ca7b034fc4b45
SHA1: bf6b6dbabc3e8a41a34cb6abe3585220656ca55f
SHA256: b3850a4a20e894c6b6510b89e84a93c91e48db0a5ae667c913ed212090308c8c
SHA512: a9a6df7d3a26cd1166008cbd24bf6e7c499d62dc86c012bd30e1fb881fecf618741fafd45f045da07a4e424d7852bb9752dbdcd5be14e713af6d5a17accdad18
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET); it exfiltrates harvested data over channels such as SMTP, which is what the extracted config above describes.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (stored mail-client credentials are a theft target)
- Suspicious use of SetThreadContext (a primitive commonly used for process hollowing and other thread-context injection)
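As an added example (not part of the sandbox report or of any tool it names), the following Python turns the report's indicators into two hunting checks: matching files against the listed MD5/SHA1/SHA256 values, and flagging outbound SMTP submission to smtp.yandex.com:587 from a process that is not a mail client. The SMTP credentials in the extracted config belong to the attacker's collection mailbox rather than to a victim, so the file hashes and the network destination are the artifacts worth hunting on. The log records, the key=value record format and the mail-client allowlist are assumptions constructed for this example.

```python
"""Hunting checks built from the report's IOCs (added example, not part of the
sandbox output). The records in SAMPLE_EVENTS are constructed for illustration."""
import hashlib
import re
from pathlib import PureWindowsPath

# File hashes exactly as listed in the report: the submitted sample (377KB)
# and the extracted executable RFQ FOR JULY ORDER.exe (468KB).
REPORT_HASHES = {
    "md5": {"cd12f69e5c3738f9681a642c74f6678e",
            "f18bd14e8cdc7139806ca7b034fc4b45"},
    "sha1": {"3a2e5396a72d11eb3b39013f66f1e6d7bf2cf85d",
             "bf6b6dbabc3e8a41a34cb6abe3585220656ca55f"},
    "sha256": {"15b121c6bc9422913028b027e5c489a59072561a8085a444b1ccc600d13dac7d",
               "b3850a4a20e894c6b6510b89e84a93c91e48db0a5ae667c913ed212090308c8c"},
}

# Exfiltration endpoint from the extracted AgentTesla SMTP config.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Image names allowed to speak SMTP submission (assumption; tune per estate).
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}


def hash_chunks(chunks):
    """Compute md5/sha1/sha256 over an iterable of byte chunks in one pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path):
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(1 << 16), b""))


def matches_report(digests):
    """True if any supplied digest equals a hash listed in the report."""
    return any(digests.get(name) in hashes for name, hashes in REPORT_HASHES.items())


# Constructed network-connection records (Sysmon Event ID 3 style), encoded as
# 'key=value|key=value' for this example only.
SAMPLE_EVENTS = [
    "Image=C:\\Users\\user\\Downloads\\RFQ FOR JULY ORDER.exe"
    "|DestinationHostname=smtp.yandex.com|DestinationPort=587",
    "Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"
    "|DestinationHostname=smtp.office365.com|DestinationPort=587",
    "Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|DestinationHostname=www.example.com|DestinationPort=443",
]

_KV = re.compile(r"(\w+)=([^|]*)")


def parse_netconn(line):
    """Parse one 'key=value|key=value' record into a dict (port as int)."""
    fields = dict(_KV.findall(line))
    fields["DestinationPort"] = int(fields.get("DestinationPort", "0"))
    return fields


def is_suspicious_smtp(event):
    """Flag SMTP submission (port 587) or any contact with the configured exfil
    host when the originating image is not an allowlisted mail client.

    Matching on the port as well as the host also catches a rebuilt sample whose
    config points at a different mailbox provider, at the cost of needing the
    allowlist to be accurate for the environment."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image in MAIL_CLIENT_ALLOWLIST:
        return False
    host = event.get("DestinationHostname", "").lower()
    return host == EXFIL_HOST or event["DestinationPort"] == EXFIL_PORT


def scan_events(lines):
    """Return the images of all records that trip the SMTP exfiltration check."""
    return [ev["Image"] for ev in map(parse_netconn, lines) if is_suspicious_smtp(ev)]


if __name__ == "__main__":
    for image in scan_events(SAMPLE_EVENTS):
        print("suspicious SMTP connection from", image)
```

Run against the constructed records, only the connection from RFQ FOR JULY ORDER.exe is reported; Outlook's own submission traffic is suppressed by the allowlist and the browser's HTTPS connection does not match. On real telemetry, feed `hash_file` the paths of suspicious droppers and `scan_events` the network-connection events of the hosts under investigation.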