General
-
Target
583735ae9de54f4ed2cce99a510a0ebc1eca8f7c56fc87fd3f2be5e864ab0e8f
-
Size
356KB
-
Sample
220521-pw5qmsgbb2
-
MD5
8a884421e641326c8f2e76961a398635
-
SHA1
9fefd87f62ba3e535894b7b7f63518f99aae9746
-
SHA256
583735ae9de54f4ed2cce99a510a0ebc1eca8f7c56fc87fd3f2be5e864ab0e8f
-
SHA512
e877fb40ff562219a3ee9eee33c118017bf72356a50633048dfdb2e2f864f9680b36b6bf4ff80be09baee2a10fc17891cd55cb2c2c23bac1b4c44711557361a0
Static task
static1
Behavioral task
behavioral1
Sample
RFQ SC0054852_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
RFQ SC0054852_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.urban.co.th
- Port: 587
- Username: info@urban.co.th
- Password: Urban@1143
Targets
-
-
Target
RFQ SC0054852_PDF.exe
-
Size
403KB
-
MD5
41b5f25fa55f9dc4d320a3c66754ec05
-
SHA1
cdcde4167731c38a8bee5aa752e9c03705c69421
-
SHA256
6e9ef93b4bb2c7ea78dbba96cb34e747294454c2d142276329951e580044ddd3
-
SHA512
95dcf28bd6621d8d2e098df713d8e99c58e297a5797a94975a7ac61c780f0212092105fac5d0fddcb389e66b3a80d447f66cc58d5a7a6d3d4adef96a3b761a2f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-