General
Target: c6bc726f70d1fbef9055c39ccbe29b66a9127b5c6c60168f643ad81b33c1d549
Size: 397KB
Sample: 220521-nbg86sddd4
MD5: 17f3a75031507889b077bb97f09808b3
SHA1: 85d35ff37c42d92dfc0c13f234fcf194c51b59c1
SHA256: c6bc726f70d1fbef9055c39ccbe29b66a9127b5c6c60168f643ad81b33c1d549
SHA512: e06a386f92cf88f2a7b1e27db4b02555dfec02a7c153d77125f091d2609fcd36a9ffaeab7f84f86a6e740f6c9172d3d8f947cb3daa8239e47971b9917a0ac940
Static task: static1
Behavioral task: behavioral1
Sample: REQUEST FOR QUOTATION.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: REQUEST FOR QUOTATION.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: houstondavidson@yandex.com
Password: faith12AB
Targets
Target: REQUEST FOR QUOTATION.exe
Size: 485KB
MD5: 0017d17282a129581734bed8909a1834
SHA1: ed531a64ea7760b4340050b0c0ac22c986bfbed9
SHA256: 447235c202bca3db7596b2c56520f599911d763ff35c60bcfb1ede433a48d1f9
SHA512: d44a6c3163ab5a85bed8d191a1390cc82b66cf36b5e93712a7ae25e781aec4769cf2b07263eefa5ede36ab67e92517e07d4dc9f2c148f328cc1cf1cccf9727e8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext