General
- Target: c293265e69a4e781948e0991d0f99c1c22c04d33c1405c3fa1fe20733952678e
- Size: 414KB
- Sample: 220521-n1frmsede3
- MD5: 790a33711bf26660931f94b405f67665
- SHA1: 8e8f1898575220a8d01cc1796d8390af15b0d707
- SHA256: c293265e69a4e781948e0991d0f99c1c22c04d33c1405c3fa1fe20733952678e
- SHA512: f690f41988d74566d1d8464a2fb455977ecf84d4d35e7f8d15e92461df2bd3e1d6dc7ddf4d854d65945dd09a4264b67eee042cbadaf40d74553461ab6b1b820d
Static task: static1
Behavioral task: behavioral1
- Sample: Urgent Inquiry (HEC RFQ).exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Urgent Inquiry (HEC RFQ).exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: spar@interiorsidea.fit
- Password: 71c7eb1f8ba
Extracted
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: spar@interiorsidea.fit
- Password: 71c7eb1f8ba
Targets
- Target: Urgent Inquiry (HEC RFQ).exe
- Size: 622KB
- MD5: 344711a513dc11fb20626acfe0a702b5
- SHA1: 585720af846999cbde9e0caa6e79fae842495470
- SHA256: 5436a7bcc453550473db1a6e439538bd0ba7c6a87577f450642dab6da0f33263
- SHA512: c3fd35bc091a5dafadab197b8ad1f6c5e9f22eaad44e92d5bb0c3664bee8e91b49ff78e40634df35aa7d7698d83e23383359f3233e93b0f2f06f3ca79bda3981
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext