General
Target: de49b1e90182231c349cfb09bf631ecbbfd6752c6a83fca107e1b387ab042254
Size: 420KB
Sample: 220521-mx4hvscfd7
MD5: 59b915ec256efba862bc69d25a22dcb9
SHA1: f4592120519703fa6bfa30347b0385c6880569da
SHA256: de49b1e90182231c349cfb09bf631ecbbfd6752c6a83fca107e1b387ab042254
SHA512: 39ed4ad4d8b9bc48dd91dc45b2298159256913a5f15b00f0d8fee2b8a1cd0ff56854ff1541201bc78461f637479920e3649e6e50ee0ac6b1e755e63080a6b441
Static task: static1
Behavioral task: behavioral1
  Sample: FOB machine Quotation.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FOB machine Quotation.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla (the same configuration block appeared twice in the report; it is listed once here)
Protocol: ftp
Host: ftp://ftp.ableacn.com/
Port: 21
Username: [email protected] (the source page shows the username only as this placeholder)
Password: vw9((q&;E}_L
In AgentTesla's ftp exfiltration mode the stealer logs in to this host with these credentials and uploads the harvested data, so the host and the account are the indicators to block or alert on.
Targets
Target: FOB machine Quotation.exe
Size: 668KB
MD5: f2e9e25b319bf1fe6bcdd066fe726ea9
SHA1: f4ef81cea6e14d2cad0c7a7f2c1348b6479ce313
SHA256: 30e37124f75673a8862b10320d1ba3716adc8993e255e96d40523aa9722162bb
SHA512: 2943c9b65bb2b5552d8ad49ccf37b17fc1cb0244a4647d5988977725c0494a5a04006d1658c4d46616e7a59a2f24c3022079e8b73fb4bbfa236135274b011c0a
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests stored credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP; the ftp configuration extracted above selects that mode.
Signatures matched:
- AgentTesla payload
- Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys that hold saved mail account settings)
- Adds Run key to start application (persistence through a value under ...\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (the call that redirects a suspended child process's thread into injected code, as in process hollowing)
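To make the three behavioural signatures concrete, the following added example (not part of the sandbox report, and not the sandbox's own rule code) evaluates them over a small constructed event log in a simplified API-monitor/Sysmon style. The process IDs, event dictionaries and the event format are assumptions made for illustration; the registry paths and the CREATE_SUSPENDED -> WriteProcessMemory -> SetThreadContext -> ResumeThread order are the well-known observables each signature keys on. It goes slightly beyond the page by also distinguishing a bare SetThreadContext call (which a debugger makes too) from the full hollowing sequence.

```python
"""Map the report's three behaviour signatures onto concrete host events.

Added example, not the sandbox's code. The event format, process IDs and every
event below are constructed for illustration.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by process hollowing

# Persistence: a value written under a Run/RunOnce key (HKCU or HKLM).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# Credential theft: Outlook profile keys that hold stored mail account settings.
OUTLOOK_PROFILES_RE = re.compile(
    r"\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\"
    r"|\\Windows Messaging Subsystem\\Profiles\\",
    re.IGNORECASE)

SIG_RUN_KEY = "Adds Run key to start application"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_SET_CTX = "Suspicious use of SetThreadContext"
SIG_HOLLOW = "Process hollowing sequence"
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")

# Constructed sample events (hypothetical, not captured from this sample).
SAMPLE_EVENTS = [
    {"pid": 1200, "type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\FOB"},
    {"pid": 1200, "type": "reg_open",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 1200, "type": "api", "api": "CreateProcessW",
     "args": {"dwCreationFlags": CREATE_SUSPENDED}},
    {"pid": 1200, "type": "api", "api": "WriteProcessMemory", "args": {}},
    {"pid": 1200, "type": "api", "api": "SetThreadContext", "args": {}},
    {"pid": 1200, "type": "api", "api": "ResumeThread", "args": {}},
    # Another process calls SetThreadContext without first spawning a suspended
    # child (what a debugger does): the API call itself is flagged, the
    # hollowing sequence is not.
    {"pid": 3000, "type": "api", "api": "SetThreadContext", "args": {}},
    {"pid": 3000, "type": "reg_open",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
]


def evaluate(events):
    """Return {pid: set of signature names} for an ordered list of event dicts."""
    hits = defaultdict(set)
    progress = defaultdict(int)  # per-pid position in HOLLOW_SEQUENCE
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            hits[pid].add(SIG_RUN_KEY)
        elif kind in ("reg_open", "reg_query") and OUTLOOK_PROFILES_RE.search(ev["key"]):
            hits[pid].add(SIG_OUTLOOK)
        elif kind == "api":
            api = re.sub(r"[AW]$", "", ev["api"])  # CreateProcessW -> CreateProcess
            if api == "SetThreadContext":
                hits[pid].add(SIG_SET_CTX)
            pos = progress[pid]
            if pos < len(HOLLOW_SEQUENCE) and api == HOLLOW_SEQUENCE[pos]:
                # Only a suspended spawn opens the sequence; a normal
                # CreateProcess does not.
                if api == "CreateProcess" and not (
                        ev["args"].get("dwCreationFlags", 0) & CREATE_SUSPENDED):
                    continue
                progress[pid] = pos + 1
                if progress[pid] == len(HOLLOW_SEQUENCE):
                    hits[pid].add(SIG_HOLLOW)
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(pid, sorted(sigs))
```

Run against the constructed log, pid 1200 matches all three report signatures plus the full hollowing sequence, while pid 3000 matches only the bare SetThreadContext call; in a real pipeline the event dicts would come from Sysmon (event IDs 1, 10, 13) or an API-monitor trace rather than the inline list.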