General

Target: URGENT REQUEST FOR QUOTATION.rar
Size: 729KB
Sample: 240302-rf46aaed84
MD5: 148d03762a23c1d838b536d69b978ac1
SHA1: 491db8453e4dc4234fb5fa500a795e4be4ebd26b
SHA256: 98e709d1370236f05fb7eeb50885780edb612dfb11e9a7852841190cd8ce1629
SHA512: b93373b9fbea3ee77a710da3adb4bc70d18831a771fa592f2627057ee8bf88f0c51368c194e8a08bdef7ee2357c1b70ae36fc3f685a2627c4c61e583197ee932
SSDEEP: 12288:W7XpvXKehR1LMXbxU0PIiaQI4pN+59BTMucpqW882o8TerFE1t3s1kYnSXWLx1TC:wXpP5PEb1Wnx/YNpqW88gTCFy3IkYnSr
Static task: static1

Behavioral task: behavioral1
Sample: URGENT REQUEST FOR QUOTATION.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: URGENT REQUEST FOR QUOTATION.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: mail.mcltransindo.com
Port: 587
Username: [email protected]
Password: mcltelv#06032019#
Email To: [email protected]

This configuration is the stealer's exfiltration channel: harvested credentials are sent as e-mail through the listed SMTP server on the submission port (587, normally STARTTLS) with the embedded account. Agent Tesla operators commonly use legitimate mailboxes they have compromised for this, so treat the host and account as indicators to detect on and to report to the mailbox owner, not as something to authenticate to.
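The host and port above are enough to hunt for the exfiltration channel on the wire. The following is an added example (not part of the sandbox report) that turns the extracted configuration into indicators and runs them over Zeek-style dns.log, conn.log and smtp.log records. The log lines are constructed for the example; the relay address 10.0.0.25 and the rule that only the relay may submit mail directly to the Internet are assumptions; the username and destination address appear on the page only as the placeholder `[email protected]`, so they are not used, and matching the MAIL FROM domain against the mail host's parent domain is a heuristic, not something the report states.

```python
"""Hunt for the Agent Tesla SMTP exfiltration channel in Zeek JSON logs."""
import json

# Indicators copied from the report's extracted configuration.
C2_HOST = "mail.mcltransindo.com"
C2_PORT = 587
# Heuristic (assumption): the exfil mailbox lives in the mail host's parent domain.
C2_MAIL_DOMAIN = C2_HOST.split(".", 1)[1]

# Assumption for this example: only the organisation's relay may submit
# mail directly to the Internet; endpoints must go through it.
MAIL_RELAYS = {"10.0.0.25"}

# Constructed Zeek dns.log / conn.log / smtp.log lines (not real telemetry).
SAMPLE_DNS_LOG = [
    '{"ts":1709400000.1,"id.orig_h":"10.0.5.42","query":"mail.mcltransindo.com","answers":["203.0.113.10"]}',
    '{"ts":1709400001.0,"id.orig_h":"10.0.5.42","query":"www.example.com","answers":["198.51.100.7"]}',
]
SAMPLE_CONN_LOG = [
    '{"ts":1709400000.5,"uid":"CabcD1","id.orig_h":"10.0.5.42","id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"ts":1709400002.0,"uid":"CabcD2","id.orig_h":"10.0.0.25","id.resp_h":"198.51.100.9","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"ts":1709400003.0,"uid":"CabcD3","id.orig_h":"10.0.5.42","id.resp_h":"198.51.100.7","id.resp_p":443,"proto":"tcp","service":"ssl"}',
    '{"ts":1709400004.0,"uid":"CabcD4","id.orig_h":"10.0.5.77","id.resp_h":"198.51.100.20","id.resp_p":587,"proto":"tcp","service":"smtp"}',
]
SAMPLE_SMTP_LOG = [
    '{"ts":1709400000.6,"uid":"CabcD1","id.orig_h":"10.0.5.42","id.resp_h":"203.0.113.10","mailfrom":"<user@mcltransindo.com>","rcptto":["<user@mcltransindo.com>"],"subject":"constructed"}',
]


def parse(lines):
    return [json.loads(line) for line in lines]


def c2_ips(dns_records):
    """IPs the C2 host resolved to, so conn.log rows can be tied to the name."""
    return {ip for r in dns_records
            if r.get("query", "").lower() == C2_HOST
            for ip in r.get("answers", [])}


def hunt(dns_lines, conn_lines, smtp_lines):
    """Return one hit per record that matches an indicator or the relay policy."""
    dns, conn, smtp = parse(dns_lines), parse(conn_lines), parse(smtp_lines)
    ips = c2_ips(dns)
    hits = []
    for r in dns:
        if r.get("query", "").lower() == C2_HOST:
            hits.append({"host": r["id.orig_h"], "uid": None, "rule": "dns-lookup-of-c2-host"})
    for r in conn:
        if r.get("id.resp_p") != C2_PORT:
            continue
        if r["id.resp_h"] in ips:
            rule = "submission-to-c2-host"          # exact indicator match
        elif r["id.orig_h"] not in MAIL_RELAYS:
            rule = "direct-submission-from-endpoint"  # policy violation, catches new infra
        else:
            continue                                 # the relay is allowed to use 587
        hits.append({"host": r["id.orig_h"], "uid": r["uid"], "rule": rule})
    for r in smtp:
        sender_domain = r.get("mailfrom", "").strip("<> ").rsplit("@", 1)[-1].lower()
        if sender_domain == C2_MAIL_DOMAIN:
            hits.append({"host": r["id.orig_h"], "uid": r["uid"], "rule": "mailfrom-in-c2-domain"})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG, SAMPLE_SMTP_LOG):
        print(hit)
```

The exact-indicator rule catches this sample; the relay-policy rule is what keeps paying off after the operator rotates to a different compromised mailbox, because an endpoint talking to port 587 on the Internet is abnormal regardless of destination.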
Targets

Target: URGENT REQUEST FOR QUOTATION.exe
Size: 834KB
MD5: 248848768f3bdd47f6fcd6a25cd6ace4
SHA1: 32bab09e80087dcc4bd302484387799ad3470297
SHA256: df8e553c6b2d78a240c76c5efbc15beba8be24362f53d9bdfc0c42c74934d293
SHA512: 961662f8856245e54dcb66bf20d1088857011b4a7e2a2e2cf55b0ffadc0e6e46201cd473197e6fafc5c69eb6180fb9a0060945a8622ed7fcd6fb19630b8fa1e5
SSDEEP: 24576:tIWg5y9z3EID9zgDURr+BJuvBNomMbEwo+:tIWg5y53D6yr+BJIomMbs+
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly reported as written in Visual Basic .NET. It harvests credentials from browsers, mail and FTP clients and, as the extracted configuration above shows, exfiltrates them over SMTP (FTP and HTTP variants also exist).

Checks computer location settings
Looks up the country code configured in the registry (typically the Geo\Nation value under HKCU\Control Panel\International), most likely a geofence check so the payload does not run in regions the operator wants to avoid.

Adds Run key to start application
Persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run, which relaunches the payload at every logon of the affected user (HKCU) or of all users (HKLM). The value name and the path it points to are not shown in this report.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process, usually one created suspended, is the final step of process hollowing: the loader starts a legitimate process, replaces its image with the payload, redirects the thread's entry point and resumes it. Together with the loader packaging, this suggests the Agent Tesla payload runs injected into a host process rather than directly from the dropped file.
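Of the three behaviours above, the Run key is the one a host-based pipeline can catch cheaply. The following is an added example (not code from the report or from Agent Tesla) that scores Sysmon Event ID 13 (RegistryEvent, value set) records for autostart persistence: it flags a Run value when the writing process or the executable the value points to lives in a user-writable path. The events, the value name `Updater`, the SID and the paths are constructed; the report does not disclose which key or path this sample used. Sysmon only emits Event 13 for keys its configuration includes, and it has no event for SetThreadContext, so this covers the persistence signature only.

```python
"""Score Sysmon Event ID 13 (RegistryEvent: value set) records for Run-key persistence."""
import re

# Autostart locations as Sysmon renders them in TargetObject (HKLM\... or HKU\<SID>\...).
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\"
    r"(?:policies\\explorer\\)?run(?:once)?\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Paths a standard user can write to; a legitimate installer rarely points Run at them.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\(?:appdata|downloads|desktop|documents)\\"
    r"|users\\public\\|windows\\temp\\|programdata\\)",
    re.IGNORECASE,
)

# Constructed Sysmon events (not real telemetry); field names follow Sysmon's schema.
SAMPLE_EVENTS = [
    {   # constructed: the lure executable registers a copy of itself under the user's Run key
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Users\victim\Downloads\URGENT REQUEST FOR QUOTATION.exe",
        "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\victim\AppData\Roaming\Updater\Updater.exe",
    },
    {   # constructed: a vendor installer adding its tray helper, both under Program Files
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Program Files\Vendor\Setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        "Details": r'"C:\Program Files\Vendor\tray.exe" /background',
    },
    {   # constructed: unrelated registry write that must be ignored
        "EventID": 13, "EventType": "SetValue",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Vendor\Settings\LastRun",
        "Details": "DWORD (0x00000001)",
    },
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},  # constructed: wrong event type
]


def exe_from_value(details):
    """Extract the executable path from a Run value, which may be quoted or carry arguments."""
    details = details.strip()
    if details.startswith('"'):
        return details[1:details.find('"', 1)]
    # Unquoted: take everything up to the first ".exe" followed by whitespace or the end.
    m = re.match(r"(.+?\.exe)(?:\s|$)", details, re.IGNORECASE)
    return m.group(1) if m else details.split(" ", 1)[0]


def is_user_writable(path):
    return bool(USER_WRITABLE_RE.match(path))


def score_run_key_event(ev):
    """Return a finding for a Run-key write, or None for anything else."""
    if ev.get("EventID") != 13:
        return None
    m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
    if not m:
        return None
    writer = ev.get("Image", "")
    target = exe_from_value(ev.get("Details", ""))
    reasons = []
    if is_user_writable(writer):
        reasons.append("writer-runs-from-user-writable-path")
    if is_user_writable(target):
        reasons.append("run-value-points-to-user-writable-path")
    return {
        "key": ev["TargetObject"],
        "value_name": m.group("value"),
        "writer": writer,
        "target": target,
        "reasons": reasons,
        "severity": "high" if reasons else "info",
    }


def triage(events):
    """Findings for every Run-key write, high severity when a user-writable path is involved."""
    return [f for f in map(score_run_key_event, events) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"], finding["value_name"], finding["target"], finding["reasons"])
```

Keeping the benign Program Files write as an "info" finding rather than dropping it preserves an audit trail of autostart changes without paging anyone; the path-based reasons are what separate an installer from a payload that has copied itself into %AppData%.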