General
- Target: 6b38e25c6e111c4f041b048ff8a74c22a60f81d05ce6b5de283de5042c87aed0
- Size: 366KB
- Sample: 220521-dbdwmsadhj
- MD5: c944d513398d556991e18f3cbc4d33a9
- SHA1: 37776e1822dfc58a4b309aeb88e8e0ef05d51d7a
- SHA256: 6b38e25c6e111c4f041b048ff8a74c22a60f81d05ce6b5de283de5042c87aed0
- SHA512: 9aab2147a545e89f3a99bf31518cda373b0024e3459207140c422f05a6af16c55bb76cb215dc0879635173e91f1313a775c43327f62b6b0c90a3975a3f962ed0
Static task: static1
Behavioral task: behavioral1
- Sample: Request For Quote.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Request For Quote.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.prcpl.com
- Port: 587
- Username: [email protected]
- Password: jyotika@2015
Targets
- Target: Request For Quote.exe
- Size: 656KB
- MD5: d9bd911bcf5a9b6b29d10e805b8bb877
- SHA1: 4812b2b03777351c93887a24087a36761ad1608e
- SHA256: 96a3201fa6c5771d32d5ca7d7caee1cf66dfc635b5b2466d1eb5c4f105b6446a
- SHA512: c2c86ed6bff1eebd1f4c71c9860ea96c9a75ae8f38350b990f4ccf4530b55fbeb97b6172115493c3881f587cde4533242618e708f21886888b7fdbe5f0048109
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext