General
Target: 772599fcf2724b31d7e8015dc109370b0f19ef0ae78390f7c225f7e526664fb5
Size: 374KB
Sample: 220521-n52vnshghp
MD5: 4d14a8cefc8f3f7c2de14d79db1871bf
SHA1: edf5df3151aceae79ea5459c405f390a12705077
SHA256: 772599fcf2724b31d7e8015dc109370b0f19ef0ae78390f7c225f7e526664fb5
SHA512: 509d08213f7014a34ee60702aa8852022f0fd9704d243d74a299144540d7af8181a8e17ddd33f41667cd39608e38739b239c313400ee6eb63f65ead9044f30fd
Static task: static1
Behavioral task: behavioral1
Sample: New Request for Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New Request for Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.okgrocer.co.za
Port: 587
Username: [email protected]
Password: Theunis@123
Targets
Target: New Request for Quotation.exe
Size: 554KB
MD5: 45ea380f7cff0d5d4c529f2ae389bea0
SHA1: 18ceae3e46865cd7b0e0718b6d536c70f3c631dc
SHA256: 44c339f76dceed23e3bb1ec0ba2b8f7ae626877a46b50b197d3a03541cadfb0a
SHA512: 0b32ceb42a48f9719c8238bd8f6f4136e8cccf472ff65033a35251d63188eb0a522a8cd2f279867e1f34af036c867326117d774359ed6e1f56afebbeb70e7943
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext