General
Target: c3b6afc692a2e41d98070148d1d7e6cc1c5a0a6e154e4fb7359c89e158cc1a8c
Size: 380KB
Sample: 220521-n1b4fsedd7
MD5: 8291a8a1226dc6c0bc6040a12fd40545
SHA1: 60372c377b94a4b8d1dcae92abb709ac744e8011
SHA256: c3b6afc692a2e41d98070148d1d7e6cc1c5a0a6e154e4fb7359c89e158cc1a8c
SHA512: 288cebdf40f520b45bab8362eb2b7741c712ac55a6c0e1ae6297bc93fbfaab139573f42479409d23be05708fe7b2d5658c2a94c184fe1dcc7c48024173d24c6e
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ # 097663899.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ # 097663899.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019
Targets
Target: RFQ # 097663899.exe
Size: 517KB
MD5: c95c87c201c9378e1d9adb7037d2b7e7
SHA1: ff1f4a1123609ea18e9c65a5b36a4e536b40ae6a
SHA256: b9a6dd35f9ca163d4e76a25d642ca7a580272ea7886a6a639273ac5b732e9f8c
SHA512: b54ecc0039f89171dc059a007190125365c7aa08cea2e4f049d30993000ea81e6c3efb01c9880153b3b67e557090024b1fac8d7e5ee4e7dc1d7577a60a289b0a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext