General
Target: 55326c11cf1e5960b4b724af2e9be2d3e7d61f0f469a115d6b7c569911555de9
Size: 444KB
Sample: 220521-nfheqsggcr
MD5: 750b208b2ceb261962f8b51cd7251f5f
SHA1: 02468da520dd4f47b31dab126d5484748682f084
SHA256: 55326c11cf1e5960b4b724af2e9be2d3e7d61f0f469a115d6b7c569911555de9
SHA512: 95f8677fc8a6a285abeb7ff1f3d0da7ed4d11773cafa803719bbe2371726962f0b3a3aea84bcd9643216a1c52ff6a45e771dd33c7e18861966de5ce5c89b0ed9
Static task: static1
Behavioral task: behavioral1
  Sample: URGENT QUOTATION.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: URGENT QUOTATION.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: account26@lonqsailing.net
  Password: IZmBVEm3
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: account26@lonqsailing.net
  Password: IZmBVEm3
Targets
Target: URGENT QUOTATION.exe
Size: 549KB
MD5: 203695345c45125e54608c6aed247b88
SHA1: 8bb6d8101db17c8337b20797ac18d2c8c0fc56a9
SHA256: 150d964fbfa64a31d6d9846500d2353e2aab67c7664cd222244c8e97c8e24b95
SHA512: 5043c3b6c48c050c71a723ed1bd3a8a0951fa97167afdb7760649f783dee99f90aa925de260a1d93d9f214d8c98060d2b8c1ce7b1abbbf54a720337e0880443d
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext