General
Target: d7885615d9a07c32382e9c2f5313d972c2b4cedeec32f734f84320a6942fb772
Size: 489KB
Sample: 220521-n86m2aeha5
MD5: 113409dc998b81d84b4c3c54fca7344b
SHA1: 64604201f86afa78f7297edd311a93ff37445836
SHA256: d7885615d9a07c32382e9c2f5313d972c2b4cedeec32f734f84320a6942fb772
SHA512: bdaa0920713df4094884bdc09f25b0054f281c2714115aeba0d8eb33a0f177c958def1d2a08a44be3535194f0bccdda127bfa98d34a01805668fcbf0729b8388
Static task: static1

Behavioral task: behavioral1
Sample: Request for Quotation.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Request for Quotation.exe
Resource: win10v2004-20220414-en

Malware Config
Targets
Target: Request for Quotation.exe
Size: 524KB
MD5: 3f2030f313a2d090cc4d53eeca796f63
SHA1: 4ff68b056cee93ea0670a615c2d628f65965dca1
SHA256: 9234cd7ffeb0ef5d02d5a127488cddc80602b0ca83da11662bc8df4f16ed92e9
SHA512: 136dae2465372ede278ec53543725a5b84e50982977591dce6c45bccf9587642d0ba17b66c3bd3b051c995fb651450c98391da27304f24e2d89e4cbc5b91a737

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

AgentTesla Payload

CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.

Accesses Microsoft Outlook profiles