General
Target: ad9115b3aff4522e9dd139d70066cc950bcd0de0e2bd0d01c78e08bd0199c096
Size: 449KB
Sample: 220521-neemfsgffm
MD5: 45a8cfc3ce926e8547f6d0f92ba4e66a
SHA1: 47f5da286b6d902b3f6ee65f059aa153770b90f6
SHA256: ad9115b3aff4522e9dd139d70066cc950bcd0de0e2bd0d01c78e08bd0199c096
SHA512: ac3c18fc9c53b3c4654544317844134d3f9d189be5bac712b269397cd0826ad6343c81eba4c5c263b0fcfef0700b7129ff69163bea3fb2f2c0405fc92bfe4432
Static task: static1
Behavioral task: behavioral1
Sample: PE_C015_RFA-GA-(S)-233-R0-2020 QUOTE.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PE_C015_RFA-GA-(S)-233-R0-2020 QUOTE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: @damienzy.xyz2240
Targets
Target: PE_C015_RFA-GA-(S)-233-R0-2020 QUOTE.exe
Size: 550KB
MD5: 17aab7f9d312d050471134b9a0caa4ec
SHA1: e58212d94c2fb210789900baf9dc73d1b1893b0b
SHA256: a4cd48b821c140a3a02f3da126f78d7e465d25e441743c129b925af0065efb52
SHA512: 9d32255bb4f317c2e4a1d05ad263ba9ad16b27de7077cf11ef3cc9091e74473fcf19a207856a5f9ee07f8395cd0b794acc8eb39667f5b3581eabd3220837962f
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext