General
-
Target
RFQ E22-0350 pdf.zip.exe
-
Size
1.2MB
-
Sample
221125-lyfbzscf71
-
MD5
18bb5d9bdba44a27341244d0d988e8a7
-
SHA1
e5055d4b1909f9366149dc0870e301bb665c1d47
-
SHA256
f3e1de591d92fcd9d64d221505e83d93f5639a8f154323e2d82923251d7e57b6
-
SHA512
08253f6fcbf58db3383a83e25a2f439925bb0e2c59d2ce114b66884c47803284234911d5d7618de28c434f0d657f77a5a9a3ca109c68e773c95ed02ee6bd9df8
-
SSDEEP
24576:VwGLqdOlfOCzrd5xSQalVte3697LBRUeeVP5jT:lLqdO30QatxvUf5
Static task
static1
Behavioral task
behavioral1
Sample
RFQ E22-0350 pdf.zip.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
RFQ E22-0350 pdf.zip.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp- Host:
host39.registrar-servers.com - Port:
587 - Username:
[email protected] - Password:
a^m %0E DAg Q$G
Extracted
agenttesla
Protocol: smtp- Host:
host39.registrar-servers.com - Port:
587 - Username:
[email protected] - Password:
a^m %0E DAg Q$G
Targets
-
-
Target
RFQ E22-0350 pdf.zip.exe
-
Size
1.2MB
-
MD5
18bb5d9bdba44a27341244d0d988e8a7
-
SHA1
e5055d4b1909f9366149dc0870e301bb665c1d47
-
SHA256
f3e1de591d92fcd9d64d221505e83d93f5639a8f154323e2d82923251d7e57b6
-
SHA512
08253f6fcbf58db3383a83e25a2f439925bb0e2c59d2ce114b66884c47803284234911d5d7618de28c434f0d657f77a5a9a3ca109c68e773c95ed02ee6bd9df8
-
SSDEEP
24576:VwGLqdOlfOCzrd5xSQalVte3697LBRUeeVP5jT:lLqdO30QatxvUf5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-