General
- Target: 40d5bbe1d42fcbf09fa3789174d04f8a07c44417ecf1b9823a9dda4f399c12d5
- Size: 677KB
- Sample: 220521-pxqccabdcn
- MD5: dd160559c24405ee18fec9e2399ee5b8
- SHA1: 16d80bfca6be01b9e0a5fa609272720432bc0e21
- SHA256: 40d5bbe1d42fcbf09fa3789174d04f8a07c44417ecf1b9823a9dda4f399c12d5
- SHA512: 350b167dd3318bf30e783cee187837cf155b380ba4015363a9f5755d3076de82a34138bae616af59e703f9fc6096105747fe17bd2fd1ccebb3eb3125de42f605
Static task
- static1
Behavioral task
- behavioral1
  Sample: Quotation Request.exe
  Resource: win7-20220414-en
Behavioral task
- behavioral2
  Sample: Quotation Request.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.varda.com.tr
- Port: 587
- Username: info@varda.com.tr
- Password: varda9997929
Extracted
- Protocol: smtp
- Host: mail.varda.com.tr
- Port: 587
- Username: info@varda.com.tr
- Password: varda9997929
Targets
- Target: Quotation Request.exe
  - Size: 1.0MB
  - MD5: cbfff4b18ad63daf6990e48335a7aa1b
  - SHA1: 76b04133c97c8689d1f4d567103775cc91e67236
  - SHA256: 55dda2889a2fae3ddbe54c70a6ff687d366887a672502d00513543bb9aa482f3
  - SHA512: 72e9b65ebc3452adc6f8ad83b5951f8d27eacfbcc01061243f3f989545e0076afc650eefd1de876ae91248c6be7c9ebdad85ccaf8d2b1ec91d7c8d9d4b26377b
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext