General
Target: a45feb7f7a0029a8083d04c195ea2e20a8c6012921db0fd63b591293755d04e5
Size: 390KB
Sample: 220521-n3aneaeed5
MD5: 9e14981368dc40679ddebf04e9eb2b62
SHA1: 95b27b20b6329aef69d9fc6ec2915af0294218eb
SHA256: a45feb7f7a0029a8083d04c195ea2e20a8c6012921db0fd63b591293755d04e5
SHA512: 877bbb0bef0d295aa8174a2efcb624ba3ab0b27215b68cb9f6a985bf93d64dfdce2492885332dcaa397ed79d42a4f01354d8d16731417a56b0b0a12cea910957
Static task: static1
Behavioral task: behavioral1
Sample: PMR#RFQ_PRICE.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PMR#RFQ_PRICE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019
Targets
Target: PMR#RFQ_PRICE.exe
Size: 460KB
MD5: 370b2f265b4c7761a0e0e6bb4af1bbfb
SHA1: d55fc557a2d5d5ba7f7e0b9da746d9e2143bdeae
SHA256: 22c8b886622a8f8b14fc4cc6c4f476c5f00077f21518fb73f8ea9d48f9b6f499
SHA512: d60731fe6b72a0a9792e5d8c3a860c74febc3eef9787b4f1e3f3ce06f95af95cd9c1917bd51492c470b7892c2ea74a7daf1782aae5a5e4e8cd8f3796bc879a88
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, commonly written in Visual Basic .NET. It harvests credentials from browsers and mail clients; for this sample the extracted config shows exfiltration over SMTP through the mail.pptoursperu.com:587 account listed above.
AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
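Each indicator in the list above corresponds to a concrete host artefact: the DisableTaskMgr policy value, a Run key entry, reads of the Outlook profile keys, a write under System32\drivers, and SetThreadContext aimed at another process (the final step of process hollowing). The following Python is an added example, not part of the sandbox report or the malware, that matches sandbox-style events against those indicators and against the SMTP endpoint from the extracted config. The event schema (kind, proc, pid, data) and every event in sample_events() are constructed assumptions; the registry paths are the standard Windows locations.

```python
"""Match sandbox behavioural events against the indicators in this report.

Added example: not part of the sandbox report and not code from the malware.
The event schema (kind / proc / pid / data) is an assumption, and the events
returned by sample_events() are constructed to resemble sandbox output.
"""
import re
from dataclasses import dataclass

# Standard Windows registry locations behind two of the report's indicators.
TASKMGR_POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
)
# Outlook keeps account profiles (and stored credentials) under these keys.
OUTLOOK_PROFILES_RE = re.compile(
    r"software\\microsoft\\(office\\\d+\.\d+\\outlook"
    r"|windows nt\\currentversion\\windows messaging subsystem)\\profiles"
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
# Exfiltration endpoint taken from the extracted config above.
EXFIL_HOST, EXFIL_PORT = "mail.pptoursperu.com", 587


@dataclass
class Event:
    kind: str   # assumed kinds: reg_set, reg_open, file_write, api, net
    proc: str   # image name of the process performing the action
    pid: int
    data: dict  # kind-specific fields, see sample_events()


def _norm_key(key: str) -> str:
    """Lower-case a registry path and strip the hive prefix, if any."""
    key = key.lower()
    for hive in ("hkey_current_user\\", "hkey_local_machine\\", "hkcu\\", "hklm\\"):
        if key.startswith(hive):
            return key[len(hive):]
    return key


def match_indicators(events):
    """Return the set of report-style indicator names the events satisfy."""
    hits = set()
    for ev in events:
        d = ev.data
        if ev.kind == "reg_set":
            key, name = _norm_key(d["key"]), d["name"].lower()
            if key.endswith(TASKMGR_POLICY_KEY) and name == "disabletaskmgr" and d["value"] == 1:
                hits.add("Disables Task Manager via registry modification")
            if any(key.endswith(rk) for rk in RUN_KEYS):
                hits.add("Adds Run key to start application")
        elif ev.kind == "reg_open":
            if OUTLOOK_PROFILES_RE.search(_norm_key(d["key"])):
                hits.add("Accesses Microsoft Outlook profiles")
        elif ev.kind == "file_write":
            if d["path"].lower().startswith(DRIVERS_DIR):
                hits.add("Drops file in Drivers directory")
        elif ev.kind == "api":
            # SetThreadContext aimed at a thread of another process is the last
            # step of process hollowing (suspended child, image overwritten, entry
            # point redirected). Use on the caller's own threads is not flagged.
            target = d.get("target_pid")
            if d["name"] == "SetThreadContext" and target is not None and target != ev.pid:
                hits.add("Suspicious use of SetThreadContext")
        elif ev.kind == "net":
            if d["host"].lower() == EXFIL_HOST and d["port"] == EXFIL_PORT:
                hits.add("Connects to the extracted SMTP exfiltration host")
    return hits


def sample_events():
    """Constructed events mirroring the report's behaviour; pids and paths are made up."""
    exe, child = "PMR#RFQ_PRICE.exe", "child.exe"   # child.exe: hypothetical hollowed process
    run_key = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
    policy = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    return [
        Event("api", exe, 1234, {"name": "CreateProcessW", "target_pid": 2468}),
        Event("api", exe, 1234, {"name": "WriteProcessMemory", "target_pid": 2468}),
        Event("api", exe, 1234, {"name": "SetThreadContext", "target_pid": 2468}),
        Event("api", exe, 1234, {"name": "ResumeThread", "target_pid": 2468}),
        Event("reg_set", child, 2468, {"key": policy, "name": "DisableTaskMgr", "value": 1}),
        Event("reg_set", child, 2468, {"key": run_key, "name": "PMR#RFQ_PRICE",
                                       "value": r"C:\Users\user\AppData\Roaming\PMR#RFQ_PRICE.exe"}),
        Event("reg_open", child, 2468, {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}),
        Event("file_write", child, 2468, {"path": r"C:\Windows\System32\drivers\etc\hosts"}),
        Event("net", child, 2468, {"host": EXFIL_HOST, "port": EXFIL_PORT, "proto": "tcp"}),
    ]


if __name__ == "__main__":
    for hit in sorted(match_indicators(sample_events())):
        print(hit)
```

The SetThreadContext check deliberately ignores calls where the target is the caller's own process, since debuggers and some runtimes use the API legitimately on their own threads; the DisableTaskMgr check requires the value to be 1, so a program restoring the policy to 0 is not flagged.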