General
Target: 3d6adf930f293d025223315f0ac99e64e01d2eed618a71636807184cd65a8132
Size: 394KB
Sample: 220521-n3fjnahffj
MD5: 44437a3abb0ac421d1773465ad7af2cc
SHA1: d8766a276157041c98b638e97ca05729ca2f09c0
SHA256: 3d6adf930f293d025223315f0ac99e64e01d2eed618a71636807184cd65a8132
SHA512: fd76e6dff0f81f528c31c50c51880d532baf27f3244962151685621602ee93050b6e026a550d26247c2e070422351e9ae367d0af66710159fa6d9f4475cbf00a
Static task: static1
Behavioral task: behavioral1
Sample: URGENT REQUEST FOR QUOTATION QUOTE00782020.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: URGENT REQUEST FOR QUOTATION QUOTE00782020.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: sOeKk#E6
Targets
Target: URGENT REQUEST FOR QUOTATION QUOTE00782020.pdf.exe
Size: 708KB
MD5: 26a528a86cad4a65522eba4db40f5014
SHA1: 37c01731625dd9f5000cd33b449e8c6ebcba470b
SHA256: de77f2b2fe58ab75b2a6876cc9883d59330766559847223284d764b74d88df12
SHA512: 644f192b771c9435698cb60a803eb08281cf7ff82db82f2a2bc5defd58f81cc9ef06446a37795babdb3d07aeb83ced36081bb2624c37c756f03b3cc490487a7a
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext