General
Target: 72cd770832a37bf59afc53b9bc86abc8df0db30f0da2c47beaed44b05a9c3ec2
Size: 437KB
Sample: 220521-c88a3sfbh7
MD5: 00fb8d328a3e9b34025c31680ed2120c
SHA1: 3d267340b44b793319b54c6403ee6fc57f186f0e
SHA256: 72cd770832a37bf59afc53b9bc86abc8df0db30f0da2c47beaed44b05a9c3ec2
SHA512: eb74ed7dfe911c416cbe6cdd3e715290ccbd171e96132a44997b7534a062e5bf343d0e71503ee1a1ad647d7b1df83cafb671c823c3ca95201b8977ce399a87cd
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ-000083832.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ-000083832.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: [email protected]
Password: mailppt2019
Targets
Target: RFQ-000083832.exe
Size: 455KB
MD5: 6af267ac464e76c1d7c0b39c258ae7dd
SHA1: cf073432e9f3a54723ca6b8ea68f90f4ac054630
SHA256: 2ed3c334493409927240f012d70190ef7feca44e27416cede763011ac187c4ef
SHA512: 7ed13d0e9fd6406c98678f9ba8f44d64c1d8297c469e55691a906306416229209dc6a3915b07f4a146cfb581651f285c7d16e14a03823736cd8fe07ab3138c1e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext