General
-
Target
98d8f300efd4db1cfc1db9a28904bbf273b38534b416fbd7d3d78885cc73d014
-
Size
400KB
-
Sample
220521-cyfs3shgcq
-
MD5
2d10396286e546b8ecc44648173ed22a
-
SHA1
d51a4151b3c7a57542b5908cf344bf02d76fbb82
-
SHA256
98d8f300efd4db1cfc1db9a28904bbf273b38534b416fbd7d3d78885cc73d014
-
SHA512
02cd7c0fffdb4b85575490f1a785d24bf1d0b47cf4bfbce3fffbadf59247dd76318c1f12cc2feb4859a87fcd1b162cdfa49107a96d087412e44ff6e973723c25
Static task
static1
Behavioral task
behavioral1
Sample
RFQ_C73639811.PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ_C73639811.PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.cdldxy-cn.com
Port: 587
Username: [email protected]
Password: SSzps(s5
Targets
-
Target
RFQ_C73639811.PDF.exe
-
Size
436KB
-
MD5
6f5505f192e637d38811991f4f62b81a
-
SHA1
055e0e03018b75b39a551b754f4eaad8067e6481
-
SHA256
d872c84aaa87d90521400f1d6052524e0d2256b3d865aeaad679beea3919a49e
-
SHA512
82adeb010bdd3674b77bc930b7608e2bdc50a14309b42ea91c57f91225173cf23e417af50525ee40f720e025ad3ff68e3025a23c163e284eef33badc230a1017
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext