General
- Target: 874e7cec7e2a419d9bde0b2f83d218440195ccbc2c543917d088545dd612d362
- Size: 459KB
- Sample: 220521-nexg9sggak
- MD5: 44d5a8921491d3eb140f7e5cb219894d
- SHA1: a6e2d5e300812e6958dd67d3dbfb584d13370bc2
- SHA256: 874e7cec7e2a419d9bde0b2f83d218440195ccbc2c543917d088545dd612d362
- SHA512: 16ea705860d5289610d77358d45ac5c28d674907917340ee1e0c764ab197a15ac9610120f6487d9cbe79614d953341bd1970c08b1ac02c69f66afe2544de1667
Static task
- static1
Behavioral task
- behavioral1
  - Sample: QUOTATION REQUEST.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: QUOTATION REQUEST.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: smtp.taiemerica.com
  - Port: 587
  - Username: [email protected]
  - Password: JuCbr%o3
Targets
- Target: QUOTATION REQUEST.exe
- Size: 561KB
- MD5: 8c432a866f5a49fc717e6d87105f6e85
- SHA1: d37fe8015a6e0828f346bcb0d0011d80e2deaf71
- SHA256: c5f5603b50269c61cedf43b3f6b04f3d4e451ae69921dd0e4e76a62a56ad11df
- SHA512: 04705f46e231df33b324c455b46b16b0d16d94937780802183110f0c03796298478b842e3b0cada04155ece2efec5a59e3f36979d171fcdcbb47ce3497d8f7b9
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext