General
- Target: 67ad8ce9502073afd22ec0e50f9180c4ef39b943d5163456b4cb2d2119287f14
- Size: 404KB
- Sample: 220521-pkzp9aafhp
- MD5: 6e1d8204445120b1446cad6bcd92de9f
- SHA1: a8c368e8eb500085c201e8d8e1009674730b9d0b
- SHA256: 67ad8ce9502073afd22ec0e50f9180c4ef39b943d5163456b4cb2d2119287f14
- SHA512: 3d38896ab5783e3b577def7e2d17ff2b7e0915eefde76ea40bf4f8b3081e630f6c805584be51870da452bd7725cf367ea47db038a8c950df0da1d4960c23c2b1
Static task
- static1
Behavioral task
- behavioral1
  - Sample: RFQ #120032020.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: RFQ #120032020.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.pro-powersourcing.com
- Port: 587
- Username: vivi@pro-powersourcing.com
- Password: china1977
Targets
- Target: RFQ #120032020.exe
- Size: 436KB
- MD5: 21add8a8d267dd8ee406d587f4fd9aad
- SHA1: f98f2159ae8ca3aa605f1e3bd52df3df97e2db3e
- SHA256: 023868121ca6645fc5fe59e01180a4b1bfd9e9d659fd2d93a9a122d18d7687b6
- SHA512: b8fae526d9aa21adba529243bb729f193268440626104a6edbd96f15a2b31443bb8a404b9ee80b7a16e1f41365528796b3ce2fdaf94bfbd87ec880b179ffc95a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext