General
- Target: Request For Quotation.exe
- Size: 210KB
- Sample: 230403-pphmjagc3t
- MD5: 849e4575b962f3ba05ec2a74e1f1bfd1
- SHA1: 622379e35ecdcac678bf01912a5165f7394adce1
- SHA256: 73dd519acd12d0f745ae97a43ace2880516ef4f2682f8f5970be98418fb3cbe2
- SHA512: cf589c81163fd18a1b57f773d880f4c0901e91535a5c66065453c9bdd4c0fc838797a6c681d90413e61f9e23d3b0c151961257224d31a7d799c8e1e27d919299
- SSDEEP: 6144:rvFSnrnkU2HYBkiXgznK86Fg0cr14K7nDhETsn4:mrnkr0khJ6FkrCA
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Request For Quotation.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: Request For Quotation.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.redseatransportuae.com
- Port: 587
- Username: [email protected]
- Password: method10@10
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.redseatransportuae.com
- Port: 587
- Username: [email protected]
- Password: method10@10
Targets
- Target: Request For Quotation.exe
- Size: 210KB
- MD5: 849e4575b962f3ba05ec2a74e1f1bfd1
- SHA1: 622379e35ecdcac678bf01912a5165f7394adce1
- SHA256: 73dd519acd12d0f745ae97a43ace2880516ef4f2682f8f5970be98418fb3cbe2
- SHA512: cf589c81163fd18a1b57f773d880f4c0901e91535a5c66065453c9bdd4c0fc838797a6c681d90413e61f9e23d3b0c151961257224d31a7d799c8e1e27d919299
- SSDEEP: 6144:rvFSnrnkU2HYBkiXgznK86Fg0cr14K7nDhETsn4:mrnkr0khJ6FkrCA
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext