General
Target: 05844bc004af9194e53b16bdb3f0ba6e4f976673df78f41a86edcd437a642fa6
Size: 383KB
Sample: 220521-ppyzhsfgd3
MD5: da571948c48af8e027ce7578c0470473
SHA1: 6f6db5dab366b78ad0029a986888fd06c3148de1
SHA256: 05844bc004af9194e53b16bdb3f0ba6e4f976673df78f41a86edcd437a642fa6
SHA512: 33ca3e708734f869eeede85fd03cf0dd21662f53e63f7bc0bfcf10649d1177790b99fc3b942cdbbf6acb005efb9f7b43419f1ba8e3626a2cfd87aad2eca80724
Static task: static1
Behavioral task: behavioral1
Sample: Request For Quotation.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Request For Quotation.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: Request For Quotation.exe
Size: 422KB
MD5: 4e84615687a80db56bb958d06e772099
SHA1: fb822d2c634a8700f263953462a30b0652c25868
SHA256: cb8503881bc157b1c984dfb66a76d2ef039c723666098a917adca4d247ea03d8
SHA512: 9c3314c1ed528388d8b8bff7b2c9f5ade7280ff9a1f106656e93613ad5a9b1397ee3af318cbbb6731f7698fb56921a4a15a831f53a0d949079ce69323a7c7930
Note that the submitted file listed under General (383KB) and the analyzed executable Request For Quotation.exe (422KB) are distinct objects with distinct hashes; both hash sets are indicators, and a host-side hunt should check for either.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Reads the Outlook profile data stored in the registry, where saved mail account credentials are kept; Agent Tesla harvests these for exfiltration.
Adds Run key to start application
Writes a value under the Windows Run registry key so the payload is launched again at logon (persistence).
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in the data it sends out.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is a common step in process hollowing, where a suspended process is overwritten with the payload and its thread is redirected to the injected entry point.
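Two host-side checks a responder would run after reading this report, as an added example that is not part of the sandbox output: hashing an artifact and matching it against the report's hash sets, and scanning Sysmon-style registry events for the Run-key write behind the "Adds Run key to start application" signature. The sample events are constructed for illustration; the value name, SID, file paths and the list of "user-writable" directories are assumptions, not observations from the report.

```python
"""Added triage helpers for the indicators and signatures above (not part of the report)."""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# Hash sets copied from the report: the submitted file and the analyzed executable.
IOCS: Dict[str, Dict[str, str]] = {
    "submitted sample (383KB)": {
        "md5": "da571948c48af8e027ce7578c0470473",
        "sha1": "6f6db5dab366b78ad0029a986888fd06c3148de1",
        "sha256": "05844bc004af9194e53b16bdb3f0ba6e4f976673df78f41a86edcd437a642fa6",
        "sha512": "33ca3e708734f869eeede85fd03cf0dd21662f53e63f7bc0bfcf10649d1177790b99fc3b942cdbbf6acb005efb9f7b43419f1ba8e3626a2cfd87aad2eca80724",
    },
    "Request For Quotation.exe (422KB)": {
        "md5": "4e84615687a80db56bb958d06e772099",
        "sha1": "fb822d2c634a8700f263953462a30b0652c25868",
        "sha256": "cb8503881bc157b1c984dfb66a76d2ef039c723666098a917adca4d247ea03d8",
        "sha512": "9c3314c1ed528388d8b8bff7b2c9f5ade7280ff9a1f106656e93613ad5a9b1397ee3af318cbbb6731f7698fb56921a4a15a831f53a0d949079ce69323a7c7930",
    },
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory blob."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so large artifacts fit in memory."""
    hashes = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashes.items()}


def match_ioc(digests: Dict[str, str]) -> Optional[str]:
    """Name of the reported artifact these digests belong to, or None.

    A SHA-256 match is decisive. An MD5/SHA-1-only match is accepted only when no
    stronger hash contradicts it: both are collision-prone, so a weak-hash hit
    alongside a differing SHA-256/SHA-512 is treated as no match.
    """
    for name, ioc in IOCS.items():
        if digests.get("sha256") == ioc["sha256"]:
            return name
        weak_hit = any(digests.get(a) == ioc[a] for a in ("md5", "sha1"))
        contradicted = any(a in digests and digests[a] != ioc[a] for a in ("sha256", "sha512"))
        if weak_hit and not contradicted:
            return name
    return None


# Sysmon Event ID 13 (RegistryEvent, value set) TargetObject under Run/RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.IGNORECASE)
# Launch locations a legitimate autostart rarely uses (assumption for triage).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)

# Constructed Sysmon-style events; names, SID and paths are assumed.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 13, "Image": r"C:\Users\user\Request For Quotation.exe",  # Run value pointing into AppData
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Quotation",
     "Details": r"C:\Users\user\AppData\Roaming\Quotation\Quotation.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",  # machine-wide Run entry from a system path
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 12, "Image": r"C:\Users\user\Request For Quotation.exe",  # key creation, not a value write
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
    {"EventID": 13, "Image": r"C:\Users\user\Request For Quotation.exe",  # value write outside Run: ignored
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def find_run_key_writes(events: Iterable[Dict[str, object]]) -> List[Dict[str, object]]:
    """Every Run/RunOnce value write, flagged when the command launches from a user-writable path."""
    hits: List[Dict[str, object]] = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = RUN_KEY_RE.search(str(ev.get("TargetObject", "")))
        if not m:
            continue
        command = str(ev.get("Details", ""))
        hits.append({"writer": ev.get("Image"), "key": m.group(1), "value_name": m.group(2),
                     "command": command, "suspicious": bool(USER_WRITABLE_RE.search(command))})
    return hits


if __name__ == "__main__":
    for hit in find_run_key_writes(SAMPLE_EVENTS):
        print(hit)
    print(match_ioc(IOCS["Request For Quotation.exe (422KB)"]))
```

On a real host, feed `find_run_key_writes` with Event ID 13 records exported from the Sysmon operational log, and run `digest_file` over the command paths it returns so the hash match and the persistence hit can be correlated to the same artifact.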