General
Target: Request for Quotation.zip
Size: 526KB
Sample: 220930-q5s9msefbp
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotation.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Request for Quotation.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/
Targets
Target: Request for Quotation.exe
Size: 848KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext