General
Target: Request for Quotation.exe
Size: 476KB
Sample: 221125-dt6z5sgf45
MD5: 56aed2990f9b4939304c6a3e86f92883
SHA1: 993e3f753f91d34cf47577de756faff550c57ea9
SHA256: d0e7776bac7c4f0d6a2ba3314ffcf6f430130cd3f6f3ffc4b8496b31eec9043d
SHA512: 5d37744ad5e91fc0999f4f41fe9c96aba72974f573df325924dfeed788e481356883f7fb4c5db32b62122aae364c32145408e10482b7932d9eb052ec5520d66a
SSDEEP: 6144:YhukJjG7ncwnQolTAz4FzOr71pAKgR70wRNt91p/oebwN0GL6FVV2xqH+bCIVv26:Y8USnwQnO33AKgZZoebayFbbbIVAy3h
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotation.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Request for Quotation.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.svcnc.com
Port: 587
Username: [email protected]
Password: Krupashine@6791
Email To: [email protected]
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext