General
- Target: 19790c444756285d67ed9894e2bef121e7b399984f4ed538aa1cd1e0f4ee9643
- Size: 390KB
- Sample: 220521-pyp3zabdgm
- MD5: ea24d290411d212f77e8738e074db3b1
- SHA1: 2dea9890185dfe8389bb963dcaf2c3906995a6d6
- SHA256: 19790c444756285d67ed9894e2bef121e7b399984f4ed538aa1cd1e0f4ee9643
- SHA512: df247880d117ebc1deadcfe51f33903ac56d6d9108a05be4fd65f6ed6c308ba6b2583cfbb96614478cebea3b84ff9906e565485e7e8be5bdfe421f37c80ef766
Static task: static1
Behavioral task: behavioral1
- Sample: REQUEST FOR QUOTATION.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: REQUEST FOR QUOTATION.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: mullarwhite@yandex.com
- Password: challenge12345@
Targets
- Target: REQUEST FOR QUOTATION.exe
- Size: 524KB
- MD5: 2d02fc0bb28b135bd28dcd4b66447e3e
- SHA1: eb509573abe7488ba23a02cb7326fa2f4e3d8c27
- SHA256: 23f73a5c76d3f569e043322817d14f2618301b8ed17db3c52d26813b1a27b298
- SHA512: a8ac57edce70b775823a2874439f89006ddf9d53de1cc901aad32ccc985d2d8f09f782bf88231cdc69c9e1df0136046012b3bbc4d8bc4a7e10a15626d356a26b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext