General
Target: 121bca15983a8662d14929daf34b98104b260cd5acab341c616257addf62ccf5
Size: 515KB
Sample: 220521-bybcxscfe9
MD5: dba6f7c382e64d7cbd24d73629bda0f3
SHA1: 68ce7a465139c7937887eb8512f0d0545e739b14
SHA256: 121bca15983a8662d14929daf34b98104b260cd5acab341c616257addf62ccf5
SHA512: d4656d2b80dec8f466b72810f0e72ee40f610a8ed3c96cb48f48f973c7d801859aaf5c46d754954e71c59b02f26c267925edab1a0f0473e10d1ce86444ba089e
Static task: static1
Behavioral task: behavioral1
Sample: REQUEST FOR PROPOSAL - KHAI QUOC TDR-05052020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: REQUEST FOR PROPOSAL - KHAI QUOC TDR-05052020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: EQQDdWP2
Targets
Target: REQUEST FOR PROPOSAL - KHAI QUOC TDR-05052020.exe
Size: 599KB
MD5: 99f2fcd36d14a8993a1f5af2cba8d2ed
SHA1: acfad8fb18e290240ddc2be6157057e2a89d5bb9
SHA256: 27ef45a0e5db4ffe4e67ae3ce507aaf93e5618df7a12f1d443a5aea81cb2a895
SHA512: 8fe37906c97bbc4f6b440deee253c7068b43e7f6a0363c014b542bca41d2231fda6454bbcfd99af67108b758a6ca515a9cb996ecabdde7e1b432bbed4772dcfd
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext