General
Target: 99d45cc516fd1fc2298975543fe3138179e40745396eca31cb99aa5f3226f9a9
Size: 382KB
Sample: 220521-cx91jahgcj
MD5: 040740ebb77c71c938b92d9bcbc47724
SHA1: f98e018cf81eb75f6bd3c1170d8c1953e565210d
SHA256: 99d45cc516fd1fc2298975543fe3138179e40745396eca31cb99aa5f3226f9a9
SHA512: f285e8de0445e39379af00b5b908d3d170aaf30359ebd6bdf34b01e90ddaabbce342a1d881ae4fe5585f16dee17f7433c61c1ee20b9aba86271a5f5b03b311eb
Static task: static1
Behavioral task: behavioral1
Sample: EMIN Vietnam Joint Stock Company RFQ_PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: EMIN Vietnam Joint Stock Company RFQ_PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.greebals.gr
Port: 587
Username: [email protected]
Password: 2pvkb35mPGU#
Targets
Target: EMIN Vietnam Joint Stock Company RFQ_PDF.exe
Size: 453KB
MD5: 58bdb475e3b1b9d62407d94b5afd94c6
SHA1: 14b8687de5b59217db4c675565a751bb1e2833f6
SHA256: a6a980334df0adebccc1a432ecf2d2ada83dbeb91b0dd5c47889d2e0f68dec89
SHA512: 96dd490aa1baad8692f814d4c5a1df1b492607de8db9c83e9e74565ee5328db948efe45f87ac53635a952aef751ca0eb31f9fdb5e949b621c5688b857ad6f276
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-