General
- Target: d6529b50d83b029e36e4d965c8f382f782712455335be497ff40c8923da98442
- Size: 460KB
- Sample: 220521-nzah8sheap
- MD5: 3bce9beb0657ae46127cb7528c7b8312
- SHA1: 81e02b646bbbfb269dfe75473564d353b01aa154
- SHA256: d6529b50d83b029e36e4d965c8f382f782712455335be497ff40c8923da98442
- SHA512: c96989811d95a25b7749a89127880564a8a916dadfe8d5b77da808eefc10329139a0dade9277d8f68cb16d3dc79bfcd6662842344b3b27b6ad79a7928b0210f0
Static task: static1
Behavioral task: behavioral1
- Sample: RFQ_NEW ORDER_56388220200819.pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: RFQ_NEW ORDER_56388220200819.pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.dedhivala.com
- Port: 587
- Username: [email protected]
- Password: kcouI9pl
Targets
- Target: RFQ_NEW ORDER_56388220200819.pdf Speci ind.exe
- Size: 578KB
- MD5: e448b4a5228d5671b8bbddf0d7a49c71
- SHA1: 4c6a25fece04cfbccb4a391fddd00f28a2e68293
- SHA256: 863f0ddd42637cf7834c62eb3384eed304788d96bcfba2cb686fdcad8cbcdcb0
- SHA512: dc2ea136c148f03ac012cde3b5647151e91b727ecd93953aae1b77616d8b6ba7ed4cf99b253b83741e81cde7d41e2f39c82c1fa42bfb1edec0090b5727c0bc85
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext