General
Target: 9a3422935153a9ecea795e009f5df6fd69806b6f2689ca17dda35631d313edbb
Size: 1.0MB
Sample: 220521-m71jysgcgp
MD5: 455f00791a72aacc3b51337ca4690ccf
SHA1: 0e84a21a840a4b8aa987f7affbb9abaf9f9dc988
SHA256: 9a3422935153a9ecea795e009f5df6fd69806b6f2689ca17dda35631d313edbb
SHA512: 0074613e0d481e32f94eb07730a71791d7d2be23e9740fd0c5efb8c4bbc4ec1e8180d8a7344ba517dc64a865e10362a618bbde93eae0bea509989c4cfe8d36ec
Static task: static1
Behavioral task: behavioral1
Sample: QUOTATION_REQUEST.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: QUOTATION_REQUEST.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.sarniotex.com
Port: 587
Username: [email protected]
Password: dL@KoFb6
Targets
Target: QUOTATION_REQUEST.exe
Size: 1.4MB
MD5: 084191a98803e956b9f5009e96d7a4fe
SHA1: d5fe30bb526d168c62d49dc5a3933ec9742c4c57
SHA256: 6a617cbc6e41a2e0ab810d412877b47dff0f4e4a4e98f3f92b3041c3ec27652e
SHA512: 96ae3f3580386cf38733168cb61711dec33924a38a4a7c5ffda557de6c4f265b248cca3abc29b0accc77918788d1c19597b05e358e64fac4abc3b423b636a80a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext