General
-
Target
d1e7e6f643a524cf88ca21a88dd0e303b8e330334ac12ca4e61cf859bf039175
-
Size
1.0MB
-
Sample
220521-mm42msfbgm
-
MD5
8d08b615b74d61c54fb6e6b82004d8f8
-
SHA1
6c51c9b67296c823282af009b348f30cb30d4bed
-
SHA256
d1e7e6f643a524cf88ca21a88dd0e303b8e330334ac12ca4e61cf859bf039175
-
SHA512
9757be6ff907949035cf7519f2ac6e3483cc414f43363ed6134d8a0669f99ddd05e396b7d4dec5bd8ad8965dc97763f69c6958505dc90a8c6b223349a94b77b0
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-ORDER NO. 8326.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ-ORDER NO. 8326.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: [email protected]
Password: (UxyAlp7
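The extracted configuration above is the actionable part of the report: it is the attacker's SMTP exfiltration mailbox, so the host and port are the network indicators to block and hunt for. The following is an added example, not part of the sandbox report, that parses the config block as shown on this page into a structured record, defangs the host for ticketing, and scans a few constructed connection-log lines for traffic to that host:port. The log format is a hypothetical "<ts> <src_ip> -> <dst_host>:<dst_port> <proto>" layout assumed for illustration, and the username is kept exactly as the page shows it, since the real address is not recoverable here.

```python
import re
from dataclasses import dataclass

# Extracted config reproduced from the report; the obfuscated username is kept as-is
# because the page does not reveal the real address.
CONFIG_TEXT = """Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: [email protected]
Password: (UxyAlp7
"""


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse the 'Key: value' lines of the extracted config into a record."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def defang(host: str) -> str:
    """Make the exfil host safe to paste into reports: smtp[.]pharco--corp[.]com."""
    return host.replace(".", "[.]")


# Constructed sample log lines (not from the report), in the assumed format
# "<ts> <src_ip> -> <dst_host>:<dst_port> <proto>". One host is upper-cased on
# purpose to check that the match is case-insensitive.
SAMPLE_LOG = """2022-05-21T10:01:02Z 10.0.0.15 -> smtp.office365.com:587 tcp
2022-05-21T10:02:10Z 10.0.0.22 -> smtp.pharco--corp.com:587 tcp
2022-05-21T10:03:44Z 10.0.0.22 -> 93.184.216.34:443 tcp
2022-05-21T10:05:00Z 10.0.0.31 -> SMTP.PHARCO--CORP.COM:587 tcp
garbage line that should be skipped
"""

LOG_RE = re.compile(r"^(\S+) (\S+) -> ([^:\s]+):(\d+) (\S+)$")


def find_exfil_connections(log: str, cfg: ExfilConfig) -> list:
    """Return (timestamp, source_ip) for every connection to the configured host:port."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the hunt
        ts, src, dst_host, dst_port, _proto = m.groups()
        if dst_host.lower() == cfg.host and int(dst_port) == cfg.port:
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("exfil endpoint:", defang(cfg.host), cfg.port)
    for ts, src in find_exfil_connections(SAMPLE_LOG, cfg):
        print("possible AgentTesla exfil:", ts, src)
```

Matching on host and port only is deliberate: the SMTP credentials change between builds, but a victim host talking to the actor's mail server on 587 is the observable you can hunt for in proxy or firewall logs regardless of which build was run.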
Targets
-
Target
RFQ-ORDER NO. 8326.exe
-
Size
1.4MB
-
MD5
767658d77b605751797d9910d21c45ea
-
SHA1
0855e88973a5d2a2ec52f1dcca3f6fd93b6ce439
-
SHA256
5e78ea677a053e6a02b66b50efdabde81043d3559fce740496c7beb1983200a6
-
SHA512
e5f4ab0c51fae4d78216ae1237baf5d9b2abed9d5aa3790113c2f6d3a688e821be69f18678bac5cf0c39c6cd8af036fa459fcddc78a0f4d33a4dc9238f1e161b
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET, that typically exfiltrates harvested data over SMTP, FTP or HTTP.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext