General
Target: RFQ Inquiry sheet.rar
Size: 753KB
Sample: 221208-ng8cjscg6v
MD5: 5c57273193ec5af96b9bfb2edc8fe6e0
SHA1: c04fc764317efbe8ec0c82259d4fe96b0f02639d
SHA256: 6b6e0545ff5704d86b762ab424849e1ce93b921aaab6840a0af4bc265dae1c15
SHA512: cf5e2646bea7d64079bb3b0c650ff6f6bc1a2d17d9103f4d4d342660046cb23d0fde28a340f9dfd17e59e024abcc8a92bf220f86d0959320e7419ab0eebd97d4
SSDEEP: 12288:nJO12E+1YfFySRzJJVoyj6kN306c/mYPyH7uBn7vQO9Xi6MV1octeP712OiKCU4a:n31YfJNyyjN9y/Q7Mrr9Xh2EVsm
Static task: static1
Behavioral task: behavioral1
  Sample: sample order sheet.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: sample order sheet.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.togotaxgovernance.com
Port: 587
Username: data@togotaxgovernance.com
Password: bScS(yyM7
Targets
Target: sample order sheet.exe
Size: 916KB
MD5: 15e12b5617dfb66d983963368dd80fc2
SHA1: dc6aeb6d475168ca144b739eea005de0d4ff905d
SHA256: 24db2e7ba38ff5dc81c50e2b03c174de23cad2b480bb82a989b00f12767e19a0
SHA512: 8cb6a582ea70566f15f48186bab7b02ce23797c7f97f26ad520f908aecd076eb51f5c86eee2cafb93c2bb1b00f17fa6989877271a03e9fd88c5e5aea337161a5
SSDEEP: 12288:d2PFilGPtdUASF1cpeVBe9Brd52WBKG1dzBomLtx0M3UyapY+ZmBjHUk+q7K3o3n:U9iUl9SF659BrdUtgdmssmihZmBHM
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext